{"url":"http://public2.vulnerablecode.io/api/packages/61623?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.0.0","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"4.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.0.2","latest_non_vulnerable_version":"11.0.18","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43131?format=json","vulnerability_id":"VCID-2af1-rv9j-jugv","summary":"Cross-site scripting in Apache Tomcat\nCross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.  NOTE: this may be related to CVE-2006-0254.1.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0326","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0340","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0261","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0524","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0524"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=238131","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=238131"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2006-7196","reference_id":"CVE-2006-7196","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2006-7196"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2006-7196","reference_id":"CVE-2006-7196","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-7196"},{"reference_url":"https://github.com/advisories/GHSA-pm78-wxxf-fw98","reference_id":"GHSA-pm78-wxxf-fw98","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pm78-wxxf-fw98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61734?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.0.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/61735?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.1.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wj8-en12-uuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.32"},{"url":"http://public2.vulnerablecode.io/api/packages/61736?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.0.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.0.31"},{"url":"http://public2.vulnerablecode.io/api/packages/61737?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.16"}],"aliases":["CVE-2006-7196","GHSA-pm78-wxxf-fw98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2af1-rv9j-jugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43164?format=json","vulnerability_id":"VCID-2jws-wtvg-2khf","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".","references":[{"reference_url":"http://docs.info.apple.com/article.html?artnum=306172","reference_id":"","reference_type":"","scores":[],"url":"http://docs.info.apple.com/article.html?artnum=306172"},{"reference_url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1358","reference_id":"CVE-2007-1358","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1358"},{"reference_url":"https://github.com/advisories/GHSA-xmc9-6p56-3c4v","reference_id":"GHSA-xmc9-6p56-3c4v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xmc9-6p56-3c4v"}],"fixed_packages":[],"aliases":["CVE-2007-1358","GHSA-xmc9-6p56-3c4v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jws-wtvg-2khf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43067?format=json","vulnerability_id":"VCID-aywp-amq3-yyes","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nTomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.","references":[{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/10771","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/10771"},{"reference_url":"https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20030501051114/http://www.securityfocus.com/bid/6320"},{"reference_url":"https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20051124132812/http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2002-2272","reference_id":"CVE-2002-2272","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-2272"},{"reference_url":"https://github.com/advisories/GHSA-pqr5-9v2j-44xg","reference_id":"GHSA-pqr5-9v2j-44xg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pqr5-9v2j-44xg"}],"fixed_packages":[],"aliases":["CVE-2002-2272","GHSA-pqr5-9v2j-44xg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aywp-amq3-yyes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43060?format=json","vulnerability_id":"VCID-ccfn-tde4-s7hr","summary":"Apache Tomcat Source Code Disclosure\nThe default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=103288242014253&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=103288242014253&w=2"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>"},{"reference_url":"https://web.archive.org/web/20021027204137/http://www.iss.net/security_center/static/10175.php","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20021027204137/http://www.iss.net/security_center/static/10175.php"},{"reference_url":"https://web.archive.org/web/20030113141130/http://online.securityfocus.com/advisories/4758","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20030113141130/http://online.securityfocus.com/advisories/4758"},{"reference_url":"https://web.archive.org/web/20030710185447/http://www.securityfocus.com/bid/5786","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20030710185447/http://www.securityfocus.com/bid/5786"},{"reference_url":"https://web.archive.org/web/20040814165854/http://rhn.redhat.com/errata/RHSA-2002-217.html","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20040814165854/http://rhn.redhat.com/errata/RHSA-2002-217.html"},{"reference_url":"https://web.archive.org/web/20040817035804/http://rhn.redhat.com/errata/RHSA-2002-218.html","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20040817035804/http://rhn.redhat.com/errata/RHSA-2002-218.html"},{"reference_url":"https://web.archive.org/web/20070430075037/http://www.debian.org/security/2002/dsa-170","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20070430075037/http://www.debian.org/security/2002/dsa-170"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2002-1148","reference_id":"CVE-2002-1148","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-1148"},{"reference_url":"https://github.com/advisories/GHSA-jxcv-v856-j5vg","reference_id":"GHSA-jxcv-v856-j5vg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jxcv-v856-j5vg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61626?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rpqh-1b8p-dqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/61627?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aywp-amq3-yyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.12"}],"aliases":["CVE-2002-1148","GHSA-jxcv-v856-j5vg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccfn-tde4-s7hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43073?format=json","vulnerability_id":"VCID-hxer-p6va-7kdh","summary":"Apache Tomcat Leaks Pathname Information via Error Message\nApache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.","references":[{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/42915","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/42915"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://web.archive.org/web/20200302170930/https://www.securityfocus.com/bid/4557","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200302170930/https://www.securityfocus.com/bid/4557"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2002-2009","reference_id":"CVE-2002-2009","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-2009"},{"reference_url":"https://github.com/advisories/GHSA-r6cf-cr44-m8rr","reference_id":"GHSA-r6cf-cr44-m8rr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r6cf-cr44-m8rr"}],"fixed_packages":[],"aliases":["CVE-2002-2009","GHSA-r6cf-cr44-m8rr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxer-p6va-7kdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43146?format=json","vulnerability_id":"VCID-kxc3-vz2c-wqca","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nAbsolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.","references":[{"reference_url":"http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html","reference_id":"","reference_type":"","scores":[],"url":"http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"},{"reference_url":"http://issues.apache.org/jira/browse/GERONIMO-3549","reference_id":"","reference_type":"","scores":[],"url":"http://issues.apache.org/jira/browse/GERONIMO-3549"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://marc.info/?l=full-disclosure&m=119239530508382","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=full-disclosure&m=119239530508382"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200804-10.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200804-10.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37243","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2008/dsa-1447","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1447"},{"reference_url":"http://www.debian.org/security/2008/dsa-1453","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1453"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0042.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0042.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0195.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5461","reference_id":"CVE-2007-5461","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5461"},{"reference_url":"https://github.com/advisories/GHSA-v5p2-vg3c-pmrr","reference_id":"GHSA-v5p2-vg3c-pmrr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v5p2-vg3c-pmrr"}],"fixed_packages":[],"aliases":["CVE-2007-5461","GHSA-v5p2-vg3c-pmrr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxc3-vz2c-wqca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43173?format=json","vulnerability_id":"VCID-sjn3-a6fs-gyck","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://seclists.org/fulldisclosure/2007/Jul/0448.html","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2007/Jul/0448.html"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35536","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35536"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://www.kb.cert.org/vuls/id/862600","reference_id":"","reference_type":"","scores":[],"url":"http://www.kb.cert.org/vuls/id/862600"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3383","reference_id":"CVE-2007-3383","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3383"},{"reference_url":"https://github.com/advisories/GHSA-wjwr-3jch-479j","reference_id":"GHSA-wjwr-3jch-479j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wjwr-3jch-479j"}],"fixed_packages":[],"aliases":["CVE-2007-3383","GHSA-wjwr-3jch-479j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjn3-a6fs-gyck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43172?format=json","vulnerability_id":"VCID-w8uj-zy2r-fyca","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34869","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34869"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://support.apple.com/kb/HT2163","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT2163"},{"reference_url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540","reference_id":"","reference_type":"","scores":[],"url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0569.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2007-0569.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2449","reference_id":"CVE-2007-2449","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2449"},{"reference_url":"https://github.com/advisories/GHSA-hc39-rjwp-qffq","reference_id":"GHSA-hc39-rjwp-qffq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hc39-rjwp-qffq"}],"fixed_packages":[],"aliases":["CVE-2007-2449","GHSA-hc39-rjwp-qffq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8uj-zy2r-fyca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43072?format=json","vulnerability_id":"VCID-wpnp-3yad-ybcj","summary":"Apache Tomcat Default Installation Reveals Sensitive Information\nThe default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.","references":[{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1","reference_id":"","reference_type":"","scores":[],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"},{"reference_url":"https://web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html"},{"reference_url":"https://web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575"},{"reference_url":"https://web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.php","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.php"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2002-2006","reference_id":"CVE-2002-2006","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-2006"},{"reference_url":"https://github.com/advisories/GHSA-8g4f-fh7f-4fwh","reference_id":"GHSA-8g4f-fh7f-4fwh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8g4f-fh7f-4fwh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61616?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2af1-rv9j-jugv"},{"vulnerability":"VCID-2jws-wtvg-2khf"},{"vulnerability":"VCID-5jm8-9upn-g7f4"},{"vulnerability":"VCID-7787-4bwm-efgq"},{"vulnerability":"VCID-96yu-fvee-wfbs"},{"vulnerability":"VCID-ccfn-tde4-s7hr"},{"vulnerability":"VCID-crhe-rt8j-wycu"},{"vulnerability":"VCID-eygg-nt7y-qubh"},{"vulnerability":"VCID-hmqa-jhuf-hfe2"},{"vulnerability":"VCID-kxc3-vz2c-wqca"},{"vulnerability":"VCID-qz87-x4zb-rud7"},{"vulnerability":"VCID-rdr4-db3y-p3cz"},{"vulnerability":"VCID-sjn3-a6fs-gyck"},{"vulnerability":"VCID-t4mh-zvhq-27du"},{"vulnerability":"VCID-wg7f-pjmn-uudk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.0"}],"aliases":["CVE-2002-2006","GHSA-8g4f-fh7f-4fwh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpnp-3yad-ybcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43149?format=json","vulnerability_id":"VCID-zam7-79x3-ekg3","summary":"Improper Neutralization\nJakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"","references":[{"reference_url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx","reference_id":"","reference_type":"","scores":[],"url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"},{"reference_url":"http://docs.info.apple.com/article.html?artnum=306172","reference_id":"","reference_type":"","scores":[],"url":"http://docs.info.apple.com/article.html?artnum=306172"},{"reference_url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"},{"reference_url":"http://lists.vmware.com/pipermail/security-announce/2008/000003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.vmware.com/pipermail/security-announce/2008/000003.html"},{"reference_url":"http://seclists.org/lists/bugtraq/2005/Jun/0025.html","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/lists/bugtraq/2005/Jun/0025.html"},{"reference_url":"http://securitytracker.com/id?1014365","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1014365"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1","reference_id":"","reference_type":"","scores":[],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm","reference_id":"","reference_type":"","scores":[],"url":"http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"},{"reference_url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540","reference_id":"","reference_type":"","scores":[],"url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0327.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2007-0327.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0360.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2007-0360.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"http://www.securiteam.com/securityreviews/5GP0220G0U.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.securiteam.com/securityreviews/5GP0220G0U.html"},{"reference_url":"http://www.securityfocus.com/archive/1/485938/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/485938/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/500396/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/500396/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/500412/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/500412/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/13873","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/13873"},{"reference_url":"http://www.securityfocus.com/bid/25159","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/25159"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2005-2090","reference_id":"CVE-2005-2090","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-2090"},{"reference_url":"https://github.com/advisories/GHSA-f2gq-p6qv-ccw4","reference_id":"GHSA-f2gq-p6qv-ccw4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f2gq-p6qv-ccw4"}],"fixed_packages":[],"aliases":["CVE-2005-2090","GHSA-f2gq-p6qv-ccw4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zam7-79x3-ekg3"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.0"}