{"url":"http://public2.vulnerablecode.io/api/packages/61690?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.1.37","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"4.1.37","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.38","latest_non_vulnerable_version":"11.0.18","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43184?format=json","vulnerability_id":"VCID-t4mh-zvhq-27du","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nApache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44156","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm","reference_id":"","reference_type":"","scores":[],"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"},{"reference_url":"https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099"},{"reference_url":"https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381"},{"reference_url":"https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639"},{"reference_url":"https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891"},{"reference_url":"https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120"},{"reference_url":"https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982"},{"reference_url":"https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266"},{"reference_url":"https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222"},{"reference_url":"https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797"},{"reference_url":"https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999"},{"reference_url":"https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379"},{"reference_url":"https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013"},{"reference_url":"https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865"},{"reference_url":"https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393"},{"reference_url":"https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249"},{"reference_url":"https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460"},{"reference_url":"https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623"},{"reference_url":"https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494"},{"reference_url":"https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681"},{"reference_url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126"},{"reference_url":"https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2370","reference_id":"CVE-2008-2370","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2370"},{"reference_url":"https://github.com/advisories/GHSA-m8h8-6rvg-f4mg","reference_id":"GHSA-m8h8-6rvg-f4mg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m8h8-6rvg-f4mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61693?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.1.38","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.38"},{"url":"http://public2.vulnerablecode.io/api/packages/61694?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eygg-nt7y-qubh"},{"vulnerability":"VCID-hmqa-jhuf-hfe2"},{"vulnerability":"VCID-rdr4-db3y-p3cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27"},{"url":"http://public2.vulnerablecode.io/api/packages/61799?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@6.0.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hmqa-jhuf-hfe2"},{"vulnerability":"VCID-rdr4-db3y-p3cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.18"}],"aliases":["CVE-2008-2370","GHSA-m8h8-6rvg-f4mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4mh-zvhq-27du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43101?format=json","vulnerability_id":"VCID-wg7f-pjmn-uudk","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.","references":[{"reference_url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx","reference_id":"","reference_type":"","scores":[],"url":"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx"},{"reference_url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=123376588623823&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0648","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0862","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0864","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0877","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1007","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0602","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0602"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=457597","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=457597"},{"reference_url":"http://secunia.com/advisories/31379","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31379"},{"reference_url":"http://secunia.com/advisories/31381","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31381"},{"reference_url":"http://secunia.com/advisories/31639","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31639"},{"reference_url":"http://secunia.com/advisories/31865","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31865"},{"reference_url":"http://secunia.com/advisories/31891","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31891"},{"reference_url":"http://secunia.com/advisories/31982","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31982"},{"reference_url":"http://secunia.com/advisories/32120","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32120"},{"reference_url":"http://secunia.com/advisories/32222","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32222"},{"reference_url":"http://secunia.com/advisories/32266","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32266"},{"reference_url":"http://secunia.com/advisories/33797","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33797"},{"reference_url":"http://secunia.com/advisories/33999","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33999"},{"reference_url":"http://secunia.com/advisories/34013","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/34013"},{"reference_url":"http://secunia.com/advisories/35474","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/35474"},{"reference_url":"http://secunia.com/advisories/36108","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/36108"},{"reference_url":"http://secunia.com/advisories/37460","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/37460"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"http://securityreason.com/securityalert/4098","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/4098"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44155","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44155"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985"},{"reference_url":"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500","reference_id":"","reference_type":"","scores":[],"url":"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500"},{"reference_url":"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095","reference_id":"","reference_type":"","scores":[],"url":"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095"},{"reference_url":"http://support.apple.com/kb/HT3216","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT3216"},{"reference_url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm","reference_id":"","reference_type":"","scores":[],"url":"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0648.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0862.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2008-0864.html"},{"reference_url":"http://www.securityfocus.com/archive/1/495021/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/495021/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/504351/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/504351/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/505556/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/505556/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/30496","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/30496"},{"reference_url":"http://www.securityfocus.com/bid/31681","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/31681"},{"reference_url":"http://www.securitytracker.com/id?1020622","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020622"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0002.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2305","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2305"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2780","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2780"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2823","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2823"},{"reference_url":"http://www.vupen.com/english/advisories/2009/0320","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/0320"},{"reference_url":"http://www.vupen.com/english/advisories/2009/0503","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/0503"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1609","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/1609"},{"reference_url":"http://www.vupen.com/english/advisories/2009/2194","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/2194"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3316","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/3316"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2008-1232","reference_id":"CVE-2008-1232","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2008-1232"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1232","reference_id":"CVE-2008-1232","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1232"},{"reference_url":"https://github.com/advisories/GHSA-q74x-qqhr-f8rx","reference_id":"GHSA-q74x-qqhr-f8rx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q74x-qqhr-f8rx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61693?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.1.38","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.38"},{"url":"http://public2.vulnerablecode.io/api/packages/61694?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eygg-nt7y-qubh"},{"vulnerability":"VCID-hmqa-jhuf-hfe2"},{"vulnerability":"VCID-rdr4-db3y-p3cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27"},{"url":"http://public2.vulnerablecode.io/api/packages/61695?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@6.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.17"}],"aliases":["CVE-2008-1232","GHSA-q74x-qqhr-f8rx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg7f-pjmn-uudk"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43154?format=json","vulnerability_id":"VCID-qdvn-uc56-6fds","summary":"Exposure of Sensitive Information in Apache Tomcat\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=532111","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=532111"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5333","reference_id":"CVE-2007-5333","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5333"},{"reference_url":"https://github.com/advisories/GHSA-cww4-vj5r-rx57","reference_id":"GHSA-cww4-vj5r-rx57","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cww4-vj5r-rx57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61690?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.1.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t4mh-zvhq-27du"},{"vulnerability":"VCID-wg7f-pjmn-uudk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37"},{"url":"http://public2.vulnerablecode.io/api/packages/61692?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t4mh-zvhq-27du"},{"vulnerability":"VCID-wg7f-pjmn-uudk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.26"},{"url":"http://public2.vulnerablecode.io/api/packages/61744?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@6.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qzyq-d6qk-67ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.15"}],"aliases":["CVE-2007-5333","GHSA-cww4-vj5r-rx57"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdvn-uc56-6fds"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37"}