{"url":"http://public2.vulnerablecode.io/api/packages/61632?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@3.1","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.3a","latest_non_vulnerable_version":"11.0.18","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43079?format=json","vulnerability_id":"VCID-5gdg-c6sm-dugk","summary":"Jakarta Apache Tomcat Reveals Physical Paths\nJakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2000-0759","reference_id":"CVE-2000-0759","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2000-0759"},{"reference_url":"https://github.com/advisories/GHSA-qg4g-6jcq-rw93","reference_id":"GHSA-qg4g-6jcq-rw93","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qg4g-6jcq-rw93"}],"fixed_packages":[],"aliases":["CVE-2000-0759","GHSA-qg4g-6jcq-rw93"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5gdg-c6sm-dugk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43063?format=json","vulnerability_id":"VCID-cp39-ahr6-e7dx","summary":"Apache Tomcat Directory Traversal\nDirectory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a `..` (dot dot) in the argument to source.jsp.","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=95371672300045&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=95371672300045&w=2"},{"reference_url":"https://web.archive.org/web/20020818015647/http://www.iss.net/security_center/static/4205.php","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20020818015647/http://www.iss.net/security_center/static/4205.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2000-1210","reference_id":"CVE-2000-1210","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2000-1210"},{"reference_url":"https://github.com/advisories/GHSA-4gr9-99j3-vqxv","reference_id":"GHSA-4gr9-99j3-vqxv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4gr9-99j3-vqxv"}],"fixed_packages":[],"aliases":["CVE-2000-1210","GHSA-4gr9-99j3-vqxv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cp39-ahr6-e7dx"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.1"}