{"url":"http://public2.vulnerablecode.io/api/packages/642?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M15","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"9.0.0.M15","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.118","latest_non_vulnerable_version":"11.0.22","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15959?format=json","vulnerability_id":"VCID-16sq-3qm1-kqb2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45648","reference_id":"","reference_type":"","scores":[{"value":"0.62079","scoring_system":"epss","scoring_elements":"0.9838","published_at":"2026-06-14T12:55:00Z"},{"value":"0.62079","scoring_system":"epss","scoring_elements":"0.98379","published_at":"2026-06-12T12:55:00Z"},{"value":"0.62079","scoring_system":"epss","scoring_elements":"0.98373","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45648"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0"},{"reference_url":"https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4"},{"reference_url":"https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6"},{"reference_url":"https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45648","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45648"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231103-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231103-0007"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/10/10","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/10/10/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243749","reference_id":"2243749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243749"},{"reference_url":"https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp","reference_id":"2pv8yz1pyp088tsxfb7ogltk9msk0jdp","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/"}],"url":"https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648","reference_id":"CVE-2023-45648","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648"},{"reference_url":"https://github.com/advisories/GHSA-r6j3-px5g-cq3x","reference_id":"GHSA-r6j3-px5g-cq3x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6j3-px5g-cq3x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6206","reference_id":"RHSA-2023:6206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6207","reference_id":"RHSA-2023:6207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7247","reference_id":"RHSA-2023:7247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0125","reference_id":"RHSA-2024:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0474","reference_id":"RHSA-2024:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4631","reference_id":"RHSA-2024:4631","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4631"},{"reference_url":"https://usn.ubuntu.com/7106-1/","reference_id":"USN-7106-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7106-1/"},{"reference_url":"https://usn.ubuntu.com/7562-1/","reference_id":"USN-7562-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7562-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/520?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.81","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.81"},{"url":"http://public2.vulnerablecode.io/api/packages/358?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/274?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.0-M12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M12"}],"aliases":["CVE-2023-45648","GHSA-r6j3-px5g-cq3x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16sq-3qm1-kqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28594?format=json","vulnerability_id":"VCID-2n2k-sh22-fkfw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41284","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21497","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21313","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2828","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28289","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41284"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c"},{"reference_url":"https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c"},{"reference_url":"https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41284","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41284"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/12"},{"reference_url":"https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc","reference_id":"2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:57:41Z/"}],"url":"https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284","reference_id":"CVE-2026-41284","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284"},{"reference_url":"https://github.com/advisories/GHSA-gx5v-xp9w-j4cg","reference_id":"GHSA-gx5v-xp9w-j4cg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gx5v-xp9w-j4cg"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-41284","GHSA-gx5v-xp9w-j4cg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2k-sh22-fkfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2010?format=json","vulnerability_id":"VCID-3nvd-d9qm-13ew","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8747.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8747","reference_id":"","reference_type":"","scores":[{"value":"0.02945","scoring_system":"epss","scoring_elements":"0.86805","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02945","scoring_system":"epss","scoring_elements":"0.86749","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02945","scoring_system":"epss","scoring_elements":"0.86809","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02945","scoring_system":"epss","scoring_elements":"0.86798","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat85/commit/9601a937ff3b7ef5d04b2a0e950d0e44e1bb4cbd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/9601a937ff3b7ef5d04b2a0e950d0e44e1bb4cbd"},{"reference_url":"https://github.com/apache/tomcat/commit/452c8094a665ef6375530e81c033da4eeb2e4865","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/452c8094a665ef6375530e81c033da4eeb2e4865"},{"reference_url":"https://github.com/apache/tomcat/commit/9601a937ff3b7ef5d04b2a0e950d0e44e1bb4cbd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9601a937ff3b7ef5d04b2a0e950d0e44e1bb4cbd"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8747","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8747"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180614-0002"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1774161","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1774161"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1774166","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1774166"},{"reference_url":"https://web.archive.org/web/20200227183332/http://www.securityfocus.com/bid/96895","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227183332/http://www.securityfocus.com/bid/96895"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432006","reference_id":"1432006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1432006"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://www.securityfocus.com/bid/96895","reference_id":"96895","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"http://www.securityfocus.com/bid/96895"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8747","reference_id":"CVE-2016-8747","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8747"},{"reference_url":"https://github.com/advisories/GHSA-fjwp-r6fm-q6qw","reference_id":"GHSA-fjwp-r6fm-q6qw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fjwp-r6fm-q6qw"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0002/","reference_id":"ntap-20180614-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180614-0002/"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"security-8.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://tomcat.apache.org/security-9.html","reference_id":"security-9.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"http://tomcat.apache.org/security-9.html"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1774161","reference_id":"viewvc?view=revision&revision=1774161","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1774161"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1774166","reference_id":"viewvc?view=revision&revision=1774166","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:18Z/"}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1774166"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386524?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M16"},{"url":"http://public2.vulnerablecode.io/api/packages/640?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-urhx-sw6q-cqce"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v9zx-5ppt-qfbb"},{"vulnerability":"VCID-vvc7-62tw-2bhh"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M17"}],"aliases":["CVE-2016-8747","GHSA-fjwp-r6fm-q6qw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3nvd-d9qm-13ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3641?format=json","vulnerability_id":"VCID-4tdx-52h3-bkfj","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1801","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1802","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1809","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1809"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5648.json","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5648","reference_id":"","reference_type":"","scores":[{"value":"0.21758","scoring_system":"epss","scoring_elements":"0.95873","published_at":"2026-06-11T12:55:00Z"},{"value":"0.21758","scoring_system":"epss","scoring_elements":"0.9589","published_at":"2026-06-14T12:55:00Z"},{"value":"0.21758","scoring_system":"epss","scoring_elements":"0.95887","published_at":"2026-06-13T12:55:00Z"},{"value":"0.21758","scoring_system":"epss","scoring_elements":"0.95886","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5648"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.5","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/6bb36dfdf6444efda074893dff493b9eb3648808","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/6bb36dfdf6444efda074893dff493b9eb3648808"},{"reference_url":"https://github.com/apache/tomcat80/commit/6d73b079c55ee25dea1bbd0556bb568a4247dacd","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/6d73b079c55ee25dea1bbd0556bb568a4247dacd"},{"reference_url":"https://github.com/apache/tomcat85/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610"},{"reference_url":"https://github.com/apache/tomcat/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610"},{"reference_url":"https://github.com/apache/tomcat/commit/6bb36dfdf6444efda074893dff493b9eb3648808","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6bb36dfdf6444efda074893dff493b9eb3648808"},{"reference_url":"https://github.com/apache/tomcat/commit/dfa40863421d7681fed893b4256666491887e38c","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/dfa40863421d7681fed893b4256666491887e38c"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180614-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180614-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1785774","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1785774"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1785775","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1785775"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1785776","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1785776"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1785777","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1785777"},{"reference_url":"https://web.archive.org/web/20170417124117/http://www.securityfocus.com/bid/97530","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170417124117/http://www.securityfocus.com/bid/97530"},{"reference_url":"https://web.archive.org/web/20170420115120/http://www.securitytracker.com/id/1038220","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170420115120/http://www.securitytracker.com/id/1038220"},{"reference_url":"http://www.debian.org/security/2017/dsa-3842","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3842"},{"reference_url":"http://www.debian.org/security/2017/dsa-3843","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3843"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/07/20/8","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/07/20/8"},{"reference_url":"http://www.securityfocus.com/bid/97530","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441223","reference_id":"1441223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441223"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648","reference_id":"CVE-2017-5648","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5648","reference_id":"CVE-2017-5648","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5648"},{"reference_url":"https://github.com/advisories/GHSA-3vx3-xf6q-r5xp","reference_id":"GHSA-3vx3-xf6q-r5xp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vx3-xf6q-r5xp"},{"reference_url":"https://usn.ubuntu.com/3519-1/","reference_id":"USN-3519-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3519-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/637?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-urhx-sw6q-cqce"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v9zx-5ppt-qfbb"},{"vulnerability":"VCID-vvc7-62tw-2bhh"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M18"}],"aliases":["CVE-2017-5648","GHSA-3vx3-xf6q-r5xp"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4tdx-52h3-bkfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6603?format=json","vulnerability_id":"VCID-5nu4-5ude-4yhc","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17563.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17563.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17563","reference_id":"","reference_type":"","scores":[{"value":"0.04359","scoring_system":"epss","scoring_elements":"0.89236","published_at":"2026-06-14T12:55:00Z"},{"value":"0.04359","scoring_system":"epss","scoring_elements":"0.89228","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04359","scoring_system":"epss","scoring_elements":"0.8919","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17563"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652"},{"reference_url":"https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c"},{"reference_url":"https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/43","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200107-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200107-0001/"},{"reference_url":"https://usn.ubuntu.com/4251-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4251-1"},{"reference_url":"https://usn.ubuntu.com/4251-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4251-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4596","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4596"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785711","reference_id":"1785711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563","reference_id":"CVE-2019-17563","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17563","reference_id":"CVE-2019-17563","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17563"},{"reference_url":"https://github.com/advisories/GHSA-9xcj-c8cr-8c3c","reference_id":"GHSA-9xcj-c8cr-8c3c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9xcj-c8cr-8c3c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0860","reference_id":"RHSA-2020:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0861","reference_id":"RHSA-2020:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4004","reference_id":"RHSA-2020:4004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0882","reference_id":"RHSA-2021:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1030","reference_id":"RHSA-2021:1030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/544?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bv5e-eycn-n7e2"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.30"}],"aliases":["CVE-2019-17563","GHSA-9xcj-c8cr-8c3c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nu4-5ude-4yhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28596?format=json","vulnerability_id":"VCID-697g-gcg9-zyaa","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41293","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.2247","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22276","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24193","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24215","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148"},{"reference_url":"https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd"},{"reference_url":"https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b"},{"reference_url":"https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df"},{"reference_url":"https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa"},{"reference_url":"https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab"},{"reference_url":"https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3"},{"reference_url":"https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac"},{"reference_url":"https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7"},{"reference_url":"https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41293","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41293"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/13","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/13"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476513","reference_id":"2476513","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293","reference_id":"CVE-2026-41293","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293"},{"reference_url":"https://github.com/advisories/GHSA-r29c-68gh-xp6x","reference_id":"GHSA-r29c-68gh-xp6x","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r29c-68gh-xp6x"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-41293","GHSA-r29c-68gh-xp6x"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-697g-gcg9-zyaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15869?format=json","vulnerability_id":"VCID-6kab-xsqw-37ed","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42795","reference_id":"","reference_type":"","scores":[{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.72403","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.72411","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.72417","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.7232","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42795"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf"},{"reference_url":"https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75"},{"reference_url":"https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4"},{"reference_url":"https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42795","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42795"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231103-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231103-0007"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/10/9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/10/10/9"},{"reference_url":"https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw","reference_id":"065jfyo583490r9j2v73nhpyxdob56lw","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T16:23:53Z/"}],"url":"https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243752","reference_id":"2243752","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795","reference_id":"CVE-2023-42795","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42795"},{"reference_url":"https://github.com/advisories/GHSA-g8pj-r55q-5c2v","reference_id":"GHSA-g8pj-r55q-5c2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8pj-r55q-5c2v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6206","reference_id":"RHSA-2023:6206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6207","reference_id":"RHSA-2023:6207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7247","reference_id":"RHSA-2023:7247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0125","reference_id":"RHSA-2024:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0474","reference_id":"RHSA-2024:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0474"},{"reference_url":"https://usn.ubuntu.com/7106-1/","reference_id":"USN-7106-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7106-1/"},{"reference_url":"https://usn.ubuntu.com/7562-1/","reference_id":"USN-7562-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7562-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/520?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.81","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.81"},{"url":"http://public2.vulnerablecode.io/api/packages/358?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/274?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.0-M12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M12"}],"aliases":["CVE-2023-42795","GHSA-g8pj-r55q-5c2v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6kab-xsqw-37ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25633?format=json","vulnerability_id":"VCID-6wqu-jupw-tyhu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55752","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51258","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5127","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51257","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51126","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55752"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06"},{"reference_url":"https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df"},{"reference_url":"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406591","reference_id":"2406591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752","reference_id":"CVE-2025-55752","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55752","reference_id":"CVE-2025-55752","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55752"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability","reference_id":"CVE-2025-55752-DETECT-APACHE-TOMCAT-VULNERABILITY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability","reference_id":"CVE-2025-55752-MITIGATE-APACHE-TOMCAT-VULNERABILITY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability"},{"reference_url":"https://github.com/advisories/GHSA-wmwf-9ccg-fff5","reference_id":"GHSA-wmwf-9ccg-fff5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wmwf-9ccg-fff5"},{"reference_url":"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog","reference_id":"n05kjcwyj1s45ovs8ll1qrrojhfb1tog","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T03:56:06Z/"}],"url":"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19809","reference_id":"RHSA-2025:19809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19810","reference_id":"RHSA-2025:19810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22924","reference_id":"RHSA-2025:22924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22925","reference_id":"RHSA-2025:22925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23044","reference_id":"RHSA-2025:23044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23045","reference_id":"RHSA-2025:23045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23046","reference_id":"RHSA-2025:23046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23047","reference_id":"RHSA-2025:23047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23048","reference_id":"RHSA-2025:23048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23049","reference_id":"RHSA-2025:23049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23050","reference_id":"RHSA-2025:23050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23051","reference_id":"RHSA-2025:23051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23052","reference_id":"RHSA-2025:23052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23053","reference_id":"RHSA-2025:23053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23225","reference_id":"RHSA-2025:23225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0292","reference_id":"RHSA-2026:0292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0293","reference_id":"RHSA-2026:0293","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0293"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2724","reference_id":"RHSA-2026:2724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2725","reference_id":"RHSA-2026:2725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2726","reference_id":"RHSA-2026:2726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/475?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.109","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.109"},{"url":"http://public2.vulnerablecode.io/api/packages/316?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.45"},{"url":"http://public2.vulnerablecode.io/api/packages/235?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.11"}],"aliases":["CVE-2025-55752","GHSA-wmwf-9ccg-fff5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wqu-jupw-tyhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27439?format=json","vulnerability_id":"VCID-7wr9-uez1-8bdg","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1029","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10276","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10295","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10241","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695"},{"reference_url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2"},{"reference_url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/21"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039","reference_id":"2457039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854","reference_id":"CVE-2026-25854","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854"},{"reference_url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0","reference_id":"ghct3b6o74bp2vm7q875s1zh0dqrz3h0","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/"}],"url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0"},{"reference_url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87","reference_id":"GHSA-9m3c-qcxr-9x87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/456?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/296?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/220?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-25854","GHSA-9m3c-qcxr-9x87"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wr9-uez1-8bdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29213?format=json","vulnerability_id":"VCID-97et-ubnp-wqcy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43512","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33874","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33696","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.45051","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.45063","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43512"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448"},{"reference_url":"https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9"},{"reference_url":"https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43512","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43512"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476511","reference_id":"2476511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476511"},{"reference_url":"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73","reference_id":"7x09x7o12solvclslw3sz0288xc8wx73","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:38:42Z/"}],"url":"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512","reference_id":"CVE-2026-43512","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512"},{"reference_url":"https://github.com/advisories/GHSA-h6fc-48rj-7qqh","reference_id":"GHSA-h6fc-48rj-7qqh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6fc-48rj-7qqh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13745","reference_id":"RHSA-2026:13745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16528","reference_id":"RHSA-2026:16528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25123","reference_id":"RHSA-2026:25123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25123"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-43512","GHSA-h6fc-48rj-7qqh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97et-ubnp-wqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28669?format=json","vulnerability_id":"VCID-9xyf-k9wq-g7b9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42498.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42498","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15929","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16071","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20144","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20168","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42498"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423"},{"reference_url":"https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5"},{"reference_url":"https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42498","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42498"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/14","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/14"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476516","reference_id":"2476516","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498","reference_id":"CVE-2026-42498","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498"},{"reference_url":"https://github.com/advisories/GHSA-fv25-8xcx-gqjc","reference_id":"GHSA-fv25-8xcx-gqjc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fv25-8xcx-gqjc"},{"reference_url":"https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb","reference_id":"n61zwf75jrv09rz90j4jssncm244bwdb","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:58:45Z/"}],"url":"https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-42498","GHSA-fv25-8xcx-gqjc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyf-k9wq-g7b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29216?format=json","vulnerability_id":"VCID-dj7q-4map-ebg4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43515","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24873","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24889","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26619","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26417","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43515"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419"},{"reference_url":"https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36"},{"reference_url":"https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9"},{"reference_url":"https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43515","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43515"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/11","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/11"},{"reference_url":"https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb","reference_id":"746nxfxod0wsocxtmv8pb8nkgmwpc6bb","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:33:57Z/"}],"url":"https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515","reference_id":"CVE-2026-43515","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515"},{"reference_url":"https://github.com/advisories/GHSA-5m62-pw8w-7w9f","reference_id":"GHSA-5m62-pw8w-7w9f","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m62-pw8w-7w9f"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-43515","GHSA-5m62-pw8w-7w9f"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj7q-4map-ebg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7720?format=json","vulnerability_id":"VCID-euv9-huaz-y3d1","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13934.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13934.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13934","reference_id":"","reference_type":"","scores":[{"value":"0.2338","scoring_system":"epss","scoring_elements":"0.96093","published_at":"2026-06-12T12:55:00Z"},{"value":"0.2338","scoring_system":"epss","scoring_elements":"0.96094","published_at":"2026-06-13T12:55:00Z"},{"value":"0.2338","scoring_system":"epss","scoring_elements":"0.96096","published_at":"2026-06-14T12:55:00Z"},{"value":"0.2338","scoring_system":"epss","scoring_elements":"0.96081","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13934"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399"},{"reference_url":"https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e"},{"reference_url":"https://github.com/apache/tomcat/commit/c9167ae30f3b03b112f3d81772e3450b7d0e6a25","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c9167ae30f3b03b112f3d81772e3450b7d0e6a25"},{"reference_url":"https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200724-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200724-0003"},{"reference_url":"https://usn.ubuntu.com/4596-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4596-1"},{"reference_url":"https://www.debian.org/security/2020/dsa-4727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857040","reference_id":"1857040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857040"},{"reference_url":"https://security.archlinux.org/AVG-1205","reference_id":"AVG-1205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934","reference_id":"CVE-2020-13934","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13934","reference_id":"CVE-2020-13934","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13934"},{"reference_url":"https://github.com/advisories/GHSA-vf77-8h7g-gghp","reference_id":"GHSA-vf77-8h7g-gghp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vf77-8h7g-gghp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3306","reference_id":"RHSA-2020:3306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3308","reference_id":"RHSA-2020:3308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3806","reference_id":"RHSA-2020:3806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3140","reference_id":"RHSA-2021:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3140"},{"reference_url":"https://usn.ubuntu.com/4596-1/","reference_id":"USN-4596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.36"},{"url":"http://public2.vulnerablecode.io/api/packages/581?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-nstu-jfc5-3kgd"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/442?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6"},{"url":"http://public2.vulnerablecode.io/api/packages/439?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nstu-jfc5-3kgd"},{"vulnerability":"VCID-qvgx-r4rr-xugp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7"}],"aliases":["CVE-2020-13934","GHSA-vf77-8h7g-gghp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-euv9-huaz-y3d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3645?format=json","vulnerability_id":"VCID-fwgq-vmfm-j7bh","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1802","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1809","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2633","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2635","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2636","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2637","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2638","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2638"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5664.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5664","reference_id":"","reference_type":"","scores":[{"value":"0.10802","scoring_system":"epss","scoring_elements":"0.93545","published_at":"2026-06-14T12:55:00Z"},{"value":"0.10802","scoring_system":"epss","scoring_elements":"0.93519","published_at":"2026-06-11T12:55:00Z"},{"value":"0.10802","scoring_system":"epss","scoring_elements":"0.93544","published_at":"2026-06-13T12:55:00Z"},{"value":"0.10802","scoring_system":"epss","scoring_elements":"0.9354","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5664"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/3bfe9fb886598c4d8ecbe674216152006bbce456","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/3bfe9fb886598c4d8ecbe674216152006bbce456"},{"reference_url":"https://github.com/apache/tomcat70/commit/58b32048ce25cb812ae394dafb0cd57254c68155","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/58b32048ce25cb812ae394dafb0cd57254c68155"},{"reference_url":"https://github.com/apache/tomcat80/commit/25d3c0d93190ef165ecd6c744bc15b5059abfa8f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/25d3c0d93190ef165ecd6c744bc15b5059abfa8f"},{"reference_url":"https://github.com/apache/tomcat80/commit/e070a31ec81b56377822e44883c64abb41f36a3b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/e070a31ec81b56377822e44883c64abb41f36a3b"},{"reference_url":"https://github.com/apache/tomcat85/commit/29893e66111d33cfe99dd01cb146317c0c262ef4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/29893e66111d33cfe99dd01cb146317c0c262ef4"},{"reference_url":"https://github.com/apache/tomcat85/commit/3242efea525df01d15da6e90ea69a9a21b10b454","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/3242efea525df01d15da6e90ea69a9a21b10b454"},{"reference_url":"https://github.com/apache/tomcat/commit/29893e66111d33cfe99dd01cb146317c0c262ef4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/29893e66111d33cfe99dd01cb146317c0c262ef4"},{"reference_url":"https://github.com/apache/tomcat/commit/3242efea525df01d15da6e90ea69a9a21b10b454","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3242efea525df01d15da6e90ea69a9a21b10b454"},{"reference_url":"https://github.com/apache/tomcat/commit/3bfe9fb886598c4d8ecbe674216152006bbce456","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3bfe9fb886598c4d8ecbe674216152006bbce456"},{"reference_url":"https://github.com/apache/tomcat/commit/4545dcce444aa619374a659cb450dbbd0be3c921","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4545dcce444aa619374a659cb450dbbd0be3c921"},{"reference_url":"https://github.com/apache/tomcat/commit/58b32048ce25cb812ae394dafb0cd57254c68155","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/58b32048ce25cb812ae394dafb0cd57254c68155"},{"reference_url":"https://github.com/apache/tomcat/commit/7d93527254d9e9371b342800617f20d13c8b85ad","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7d93527254d9e9371b342800617f20d13c8b85ad"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5664","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5664"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171019-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20171019-0002"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793468","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793468"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793469","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793469"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793470","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793470"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793471","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793471"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793487","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793487"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793488","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793488"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793489","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793489"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1793491","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1793491"},{"reference_url":"https://web.archive.org/web/20170801120345/http://www.securitytracker.com/id/1038641","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170801120345/http://www.securitytracker.com/id/1038641"},{"reference_url":"https://web.archive.org/web/20170805032345/http://www.securityfocus.com/bid/98888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170805032345/http://www.securityfocus.com/bid/98888"},{"reference_url":"http://www.debian.org/security/2017/dsa-3891","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3891"},{"reference_url":"http://www.debian.org/security/2017/dsa-3892","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3892"},{"reference_url":"http://www.securityfocus.com/bid/98888","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1459158","reference_id":"1459158","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1459158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664","reference_id":"CVE-2017-5664","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664"},{"reference_url":"https://github.com/advisories/GHSA-jmvv-524f-hj5j","reference_id":"GHSA-jmvv-524f-hj5j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmvv-524f-hj5j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2493","reference_id":"RHSA-2017:2493","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2494","reference_id":"RHSA-2017:2494","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3080","reference_id":"RHSA-2017:3080","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3080"},{"reference_url":"https://usn.ubuntu.com/3519-1/","reference_id":"USN-3519-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3519-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/632?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-d1px-uadx-vqdx"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v9zx-5ppt-qfbb"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M21"}],"aliases":["CVE-2017-5664","GHSA-jmvv-524f-hj5j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwgq-vmfm-j7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3640?format=json","vulnerability_id":"VCID-fy3t-qn64-bkhn","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1801","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1802","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5647.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5647","reference_id":"","reference_type":"","scores":[{"value":"0.02275","scoring_system":"epss","scoring_elements":"0.85081","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02275","scoring_system":"epss","scoring_elements":"0.85072","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02275","scoring_system":"epss","scoring_elements":"0.85074","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02275","scoring_system":"epss","scoring_elements":"0.8502","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5647"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/a4efd3ca1ccbdfc398136d76c0d8b7ad5a1e4905","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/a4efd3ca1ccbdfc398136d76c0d8b7ad5a1e4905"},{"reference_url":"https://github.com/apache/tomcat80/commit/ec10b8c785d1db91fe58946436f854dde04410fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/ec10b8c785d1db91fe58946436f854dde04410fd"},{"reference_url":"https://github.com/apache/tomcat85/commit/f5e06b8c743b1daa9eb5e817863958b6b320e044","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/f5e06b8c743b1daa9eb5e817863958b6b320e044"},{"reference_url":"https://github.com/apache/tomcat/commit/864aa1199ad2cccc9a7e7c6b977f7d7f812c9910","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/864aa1199ad2cccc9a7e7c6b977f7d7f812c9910"},{"reference_url":"https://github.com/apache/tomcat/commit/a4efd3ca1ccbdfc398136d76c0d8b7ad5a1e4905","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a4efd3ca1ccbdfc398136d76c0d8b7ad5a1e4905"},{"reference_url":"https://github.com/apache/tomcat/commit/f5e06b8c743b1daa9eb5e817863958b6b320e044","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f5e06b8c743b1daa9eb5e817863958b6b320e044"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5647","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5647"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180614-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180614-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788890","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788890"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788932","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788932"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788999","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788999"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1789008","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1789008"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1789024","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1789024"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1789155","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1789155"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1789856","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1789856"},{"reference_url":"https://web.archive.org/web/20170420114447/http://www.securitytracker.com/id/1038218","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170420114447/http://www.securitytracker.com/id/1038218"},{"reference_url":"http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"},{"reference_url":"http://www.debian.org/security/2017/dsa-3842","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3842"},{"reference_url":"http://www.debian.org/security/2017/dsa-3843","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3843"},{"reference_url":"http://www.securitytracker.com/id/1038218","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441205","reference_id":"1441205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647","reference_id":"CVE-2017-5647","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647"},{"reference_url":"https://github.com/advisories/GHSA-3gv7-3h64-78cm","reference_id":"GHSA-3gv7-3h64-78cm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gv7-3h64-78cm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2493","reference_id":"RHSA-2017:2493","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2494","reference_id":"RHSA-2017:2494","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3080","reference_id":"RHSA-2017:3080","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3081","reference_id":"RHSA-2017:3081","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3081"},{"reference_url":"https://usn.ubuntu.com/3519-1/","reference_id":"USN-3519-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3519-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/638?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v9zx-5ppt-qfbb"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M19"}],"aliases":["CVE-2017-5647","GHSA-3gv7-3h64-78cm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fy3t-qn64-bkhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7597?format=json","vulnerability_id":"VCID-gecz-htub-27gx","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11996.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11996","reference_id":"","reference_type":"","scores":[{"value":"0.45121","scoring_system":"epss","scoring_elements":"0.97677","published_at":"2026-06-11T12:55:00Z"},{"value":"0.45121","scoring_system":"epss","scoring_elements":"0.97686","published_at":"2026-06-13T12:55:00Z"},{"value":"0.45121","scoring_system":"epss","scoring_elements":"0.97687","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11996"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/9434a44d3449d620b1be70206819f8275b4a7509","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9434a44d3449d620b1be70206819f8275b4a7509"},{"reference_url":"https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976"},{"reference_url":"https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552"},{"reference_url":"https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ad911fe49450ed9405827af0e7a74104041081ff91864b1f2546bbd@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9ad911fe49450ed9405827af0e7a74104041081ff91864b1f2546bbd@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e526c2c3cfa95d0cd682d90d338@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e526c2c3cfa95d0cd682d90d338@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200709-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200709-0002"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://usn.ubuntu.com/4596-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4596-1"},{"reference_url":"https://www.debian.org/security/2020/dsa-4727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851420","reference_id":"1851420","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851420"},{"reference_url":"https://security.archlinux.org/AVG-1196","reference_id":"AVG-1196","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996","reference_id":"CVE-2020-11996","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11996","reference_id":"CVE-2020-11996","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11996"},{"reference_url":"https://github.com/advisories/GHSA-53hp-jpwq-2jgq","reference_id":"GHSA-53hp-jpwq-2jgq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-53hp-jpwq-2jgq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5170","reference_id":"RHSA-2020:5170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5173","reference_id":"RHSA-2020:5173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5388","reference_id":"RHSA-2020:5388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0292","reference_id":"RHSA-2021:0292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3140","reference_id":"RHSA-2021:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3140"},{"reference_url":"https://usn.ubuntu.com/4596-1/","reference_id":"USN-4596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/556?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fbxk-sjfu-eyf1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.35"},{"url":"http://public2.vulnerablecode.io/api/packages/584?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.36"},{"url":"http://public2.vulnerablecode.io/api/packages/404?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fbxk-sjfu-eyf1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M5"},{"url":"http://public2.vulnerablecode.io/api/packages/442?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6"}],"aliases":["CVE-2020-11996","GHSA-53hp-jpwq-2jgq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gecz-htub-27gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29214?format=json","vulnerability_id":"VCID-hv33-kv9q-gugf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43513","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24213","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24017","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30914","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30929","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43513"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2"},{"reference_url":"https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717"},{"reference_url":"https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43513"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/9"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513","reference_id":"CVE-2026-43513","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513"},{"reference_url":"https://github.com/advisories/GHSA-5mp6-jrq3-r938","reference_id":"GHSA-5mp6-jrq3-r938","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mp6-jrq3-r938"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"},{"reference_url":"https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp","reference_id":"ytjcgldshj73lcnd1sh95od5hrghwogp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T16:34:43Z/"}],"url":"https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-43513","GHSA-5mp6-jrq3-r938"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hv33-kv9q-gugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25782?format=json","vulnerability_id":"VCID-keh1-ycs9-ybdd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61795","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32123","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32145","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32128","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31943","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61795"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"},{"reference_url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0"},{"reference_url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293","reference_id":"1119293","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294","reference_id":"1119294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406588","reference_id":"2406588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406588"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795","reference_id":"CVE-2025-61795","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795","reference_id":"CVE-2025-61795","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795"},{"reference_url":"https://github.com/advisories/GHSA-hgrr-935x-pq79","reference_id":"GHSA-hgrr-935x-pq79","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgrr-935x-pq79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19809","reference_id":"RHSA-2025:19809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19810","reference_id":"RHSA-2025:19810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23050","reference_id":"RHSA-2025:23050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23051","reference_id":"RHSA-2025:23051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"},{"reference_url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp","reference_id":"wm9mx8brmx9g4zpywm06ryrtvd3160pp","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T18:48:52Z/"}],"url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/476?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.110","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.110"},{"url":"http://public2.vulnerablecode.io/api/packages/312?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.47"},{"url":"http://public2.vulnerablecode.io/api/packages/236?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.12"}],"aliases":["CVE-2025-61795","GHSA-hgrr-935x-pq79"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-keh1-ycs9-ybdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11657?format=json","vulnerability_id":"VCID-m3py-3ba2-jkg7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25762","reference_id":"","reference_type":"","scores":[{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71284","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71195","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71295","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71297","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25762"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99"},{"reference_url":"https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015"},{"reference_url":"https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183"},{"reference_url":"https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc"},{"reference_url":"https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c"},{"reference_url":"https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25762","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25762"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220629-0003","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220629-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220629-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220629-0003/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2085304","reference_id":"2085304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2085304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762","reference_id":"CVE-2022-25762","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25762"},{"reference_url":"https://github.com/advisories/GHSA-h3ch-5pp2-vh6w","reference_id":"GHSA-h3ch-5pp2-vh6w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h3ch-5pp2-vh6w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4847","reference_id":"RHSA-2020:4847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4847"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/597?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/598?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.21"}],"aliases":["CVE-2022-25762","GHSA-h3ch-5pp2-vh6w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3py-3ba2-jkg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21714?format=json","vulnerability_id":"VCID-ngy5-k9cv-rkbn","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54677.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54677","reference_id":"","reference_type":"","scores":[{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79643","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79636","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79627","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79562","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54677"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1d88dd3ffaed76188dd4ee32ce77709ce6e153cd"},{"reference_url":"https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3315a9027a7eaab18f42625b97b569940ff1365d"},{"reference_url":"https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4a335c6dcba8d6f8a54629eda392a50da267bdf4"},{"reference_url":"https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4d5cc6538d91386f950373ac8120e98c2c78ed3a"},{"reference_url":"https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4f0236606961176257b883213e1621b1859ed746"},{"reference_url":"https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/54e56495e9a106218efe9fc9c79d976c0032bbfd"},{"reference_url":"https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/721544ea28e92549824b106be954a9f411867a1c"},{"reference_url":"https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/722814668708c42a61b0c1e340b15bc2b785c0d1"},{"reference_url":"https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/75ff7e8622edcc024b268677aa789ee8f0880ecc"},{"reference_url":"https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/84065e26ca4555e63a922bb29b13b0a1c86b7654"},{"reference_url":"https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e"},{"reference_url":"https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9ffd23fc27f5d1fc95bf97e5cea175c8968f4533"},{"reference_url":"https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a95bf2b0303442a2c9a1ac364b0e63b56049e33a"},{"reference_url":"https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/aa5b4d0043289cf054f531ec55126c980d3572e1"},{"reference_url":"https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/b1f65728b37d7d227a0764344473b7e261a13408"},{"reference_url":"https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bbd82e9593314ade4cfd57248f9285fbad686f66"},{"reference_url":"https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c0a23927ea5e061ca3fdff695138464179fe674a"},{"reference_url":"https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c2f7ce21c3fb12caefee87c517a8bb4f80700044"},{"reference_url":"https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cb1707685472994e9d924746f8c91cb116fa5213"},{"reference_url":"https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d63a10afc142b12f462a15f7d10f79fd80ff94eb"},{"reference_url":"https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/dbec927859d9484cb8bd680a7c67b1a560f48444"},{"reference_url":"https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e8c16cdba833884e1bd49fff1f1cb699da177585"},{"reference_url":"https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f57a9d9847c1038be61f5818d73b8be907c460d4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54677","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54677"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250131-0006","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250131-0006"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/17/5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/17/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/17/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/17/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/18/1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/18/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332815","reference_id":"2332815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677","reference_id":"CVE-2024-54677","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677"},{"reference_url":"https://github.com/advisories/GHSA-653p-vg55-5652","reference_id":"GHSA-653p-vg55-5652","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-653p-vg55-5652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7497","reference_id":"RHSA-2025:7497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7497"},{"reference_url":"https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n","reference_id":"tdtbbxpg5trdwc2wnopcth9ccvdftq2n","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-17T16:41:40Z/"}],"url":"https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n"},{"reference_url":"https://usn.ubuntu.com/7705-1/","reference_id":"USN-7705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7705-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/497?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.98","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-kehq-gcjx-17e4"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.98"},{"url":"http://public2.vulnerablecode.io/api/packages/333?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-kehq-gcjx-17e4"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.34"},{"url":"http://public2.vulnerablecode.io/api/packages/253?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-kehq-gcjx-17e4"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.2"}],"aliases":["CVE-2024-54677","GHSA-653p-vg55-5652"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngy5-k9cv-rkbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25899?format=json","vulnerability_id":"VCID-p4j1-xp15-t3b8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66614","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16515","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16541","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1653","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16385","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66614"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36"},{"reference_url":"https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30"},{"reference_url":"https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2"},{"reference_url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02"},{"reference_url":"https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4"},{"reference_url":"https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940"},{"reference_url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53"},{"reference_url":"https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e"},{"reference_url":"https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440430","reference_id":"2440430","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614","reference_id":"CVE-2025-66614","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66614","reference_id":"CVE-2025-66614","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66614"},{"reference_url":"https://github.com/advisories/GHSA-fpj8-gq4v-p354","reference_id":"GHSA-fpj8-gq4v-p354","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpj8-gq4v-p354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12194","reference_id":"RHSA-2026:12194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12195","reference_id":"RHSA-2026:12195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"},{"reference_url":"https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7","reference_id":"vw6lxtlh2qbqwpb61wd3sv1flm2nttw7","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:17:26Z/"}],"url":"https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/463?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.113","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-8sda-scr3-qfex"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.113"},{"url":"http://public2.vulnerablecode.io/api/packages/456?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/299?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-8sda-scr3-qfex"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.50"},{"url":"http://public2.vulnerablecode.io/api/packages/296?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/223?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-8sda-scr3-qfex"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/220?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2025-66614","GHSA-fpj8-gq4v-p354"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4j1-xp15-t3b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7721?format=json","vulnerability_id":"VCID-p65m-6crd-bufr","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13935.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13935","reference_id":"","reference_type":"","scores":[{"value":"0.92155","scoring_system":"epss","scoring_elements":"0.99728","published_at":"2026-06-12T12:55:00Z"},{"value":"0.92155","scoring_system":"epss","scoring_elements":"0.99727","published_at":"2026-06-14T12:55:00Z"},{"value":"0.92155","scoring_system":"epss","scoring_elements":"0.99726","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13935"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5"},{"reference_url":"https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc427c3"},{"reference_url":"https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d"},{"reference_url":"https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf723784"},{"reference_url":"https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014cc84"},{"reference_url":"https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200724-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200724-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200724-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200724-0003/"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://usn.ubuntu.com/4448-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4448-1"},{"reference_url":"https://usn.ubuntu.com/4448-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4448-1/"},{"reference_url":"https://usn.ubuntu.com/4596-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4596-1"},{"reference_url":"https://www.debian.org/security/2020/dsa-4727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857024","reference_id":"1857024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857024"},{"reference_url":"https://security.archlinux.org/AVG-1205","reference_id":"AVG-1205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935","reference_id":"CVE-2020-13935","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13935","reference_id":"CVE-2020-13935","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13935"},{"reference_url":"https://github.com/advisories/GHSA-m7jv-hq7h-mq7c","reference_id":"GHSA-m7jv-hq7h-mq7c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m7jv-hq7h-mq7c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3303","reference_id":"RHSA-2020:3303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3305","reference_id":"RHSA-2020:3305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3306","reference_id":"RHSA-2020:3306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3308","reference_id":"RHSA-2020:3308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3382","reference_id":"RHSA-2020:3382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3383","reference_id":"RHSA-2020:3383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3806","reference_id":"RHSA-2020:3806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4004","reference_id":"RHSA-2020:4004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3140","reference_id":"RHSA-2021:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5458","reference_id":"RHSA-2022:5458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5459","reference_id":"RHSA-2022:5459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5460","reference_id":"RHSA-2022:5460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5460"},{"reference_url":"https://usn.ubuntu.com/4596-1/","reference_id":"USN-4596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-nstu-jfc5-3kgd"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/439?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nstu-jfc5-3kgd"},{"vulnerability":"VCID-qvgx-r4rr-xugp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M7"}],"aliases":["CVE-2020-13935","GHSA-m7jv-hq7h-mq7c"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p65m-6crd-bufr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6165?format=json","vulnerability_id":"VCID-qxbw-zvw5-ckdp","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12418.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12418","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65698","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65589","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65694","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65687","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12418"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3"},{"reference_url":"https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00"},{"reference_url":"https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/43","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200107-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200107-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200107-0001/"},{"reference_url":"https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://usn.ubuntu.com/4251-1","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4251-1"},{"reference_url":"https://usn.ubuntu.com/4251-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4251-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4596","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4596"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785699","reference_id":"1785699","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418","reference_id":"CVE-2019-12418","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12418","reference_id":"CVE-2019-12418","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12418"},{"reference_url":"https://github.com/advisories/GHSA-hh3j-x4mc-g48r","reference_id":"GHSA-hh3j-x4mc-g48r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hh3j-x4mc-g48r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0860","reference_id":"RHSA-2020:0860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0861","reference_id":"RHSA-2020:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1520","reference_id":"RHSA-2020:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1521","reference_id":"RHSA-2020:1521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bv5e-eycn-n7e2"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.29"}],"aliases":["CVE-2019-12418","GHSA-hh3j-x4mc-g48r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxbw-zvw5-ckdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4698?format=json","vulnerability_id":"VCID-qxfb-yg6b-nfda","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1320","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1320"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1305","reference_id":"","reference_type":"","scores":[{"value":"0.21578","scoring_system":"epss","scoring_elements":"0.95862","published_at":"2026-06-13T12:55:00Z"},{"value":"0.21578","scoring_system":"epss","scoring_elements":"0.95865","published_at":"2026-06-14T12:55:00Z"},{"value":"0.21578","scoring_system":"epss","scoring_elements":"0.95848","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1305"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a"},{"reference_url":"https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab"},{"reference_url":"https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1"},{"reference_url":"https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a"},{"reference_url":"https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073"},{"reference_url":"https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180706-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180706-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823310","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823310"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823314","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823314"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823319","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823319"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1823322","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1823322"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824323","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824323"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824358","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824358"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824359","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824359"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1824360","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1824360"},{"reference_url":"https://usn.ubuntu.com/3665-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3665-1"},{"reference_url":"https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144"},{"reference_url":"https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428"},{"reference_url":"http://www.securityfocus.com/bid/103144","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103144"},{"reference_url":"http://www.securitytracker.com/id/1040428","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040428"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1548282","reference_id":"1548282","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1548282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305","reference_id":"CVE-2018-1305","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1305","reference_id":"CVE-2018-1305","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1305"},{"reference_url":"https://github.com/advisories/GHSA-jx6h-3fjx-cgv5","reference_id":"GHSA-jx6h-3fjx-cgv5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jx6h-3fjx-cgv5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0465","reference_id":"RHSA-2018:0465","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0466","reference_id":"RHSA-2018:0466","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2939","reference_id":"RHSA-2018:2939","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2205","reference_id":"RHSA-2019:2205","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2205"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/624?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3977-sdws-euh4"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-4c8y-tn9d-v3d5"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9gs9-4vzf-uqbu"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-evws-hrsq-ybfw"},{"vulnerability":"VCID-ftu2-phtp-bqad"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-ht8m-9gxn-mkaa"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-k11z-qhvd-9ugj"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-x57v-g2md-7bbq"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.5"}],"aliases":["CVE-2018-1305","GHSA-jx6h-3fjx-cgv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxfb-yg6b-nfda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29215?format=json","vulnerability_id":"VCID-s2kf-jwgc-pfas","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43514","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27377","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27395","published_at":"2026-06-13T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27415","published_at":"2026-06-12T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27214","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755"},{"reference_url":"https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa"},{"reference_url":"https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e"},{"reference_url":"https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508"},{"reference_url":"https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43514","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43514"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/10","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476512","reference_id":"2476512","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476512"},{"reference_url":"https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m","reference_id":"2k654v5cq123npfsd1b2kk1y30owqb1m","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:22:38Z/"}],"url":"https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514","reference_id":"CVE-2026-43514","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514"},{"reference_url":"https://github.com/advisories/GHSA-9m89-8frq-c98c","reference_id":"GHSA-9m89-8frq-c98c","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m89-8frq-c98c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.118"},{"url":"http://public2.vulnerablecode.io/api/packages/292?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.55"},{"url":"http://public2.vulnerablecode.io/api/packages/216?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.22"}],"aliases":["CVE-2026-43514","GHSA-9m89-8frq-c98c"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2kf-jwgc-pfas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27398?format=json","vulnerability_id":"VCID-t8tc-zb3w-57gv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39126","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39141","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39149","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38954","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a"},{"reference_url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb"},{"reference_url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5"},{"reference_url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c"},{"reference_url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522"},{"reference_url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/20"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040","reference_id":"2457040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040"},{"reference_url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_id":"2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/"}],"url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880","reference_id":"CVE-2026-24880","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880"},{"reference_url":"https://github.com/advisories/GHSA-563x-q5rq-57qp","reference_id":"GHSA-563x-q5rq-57qp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-563x-q5rq-57qp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/456?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/300?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-8sda-scr3-qfex"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-r6yr-45cm-8ucv"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52"},{"url":"http://public2.vulnerablecode.io/api/packages/296?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/220?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-nctp-shgj-sfgh"},{"vulnerability":"VCID-nfmu-1t27-e3fu"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-24880","GHSA-563x-q5rq-57qp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8tc-zb3w-57gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3642?format=json","vulnerability_id":"VCID-urhx-sw6q-cqce","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5651.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5651.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5651","reference_id":"","reference_type":"","scores":[{"value":"0.06144","scoring_system":"epss","scoring_elements":"0.91047","published_at":"2026-06-14T12:55:00Z"},{"value":"0.06144","scoring_system":"epss","scoring_elements":"0.91048","published_at":"2026-06-13T12:55:00Z"},{"value":"0.06144","scoring_system":"epss","scoring_elements":"0.91011","published_at":"2026-06-11T12:55:00Z"},{"value":"0.06144","scoring_system":"epss","scoring_elements":"0.91041","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5651"},{"reference_url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=60918","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=60918"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat85/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b"},{"reference_url":"https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b"},{"reference_url":"https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8"},{"reference_url":"https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5651","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5651"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180614-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180614-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788544","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788544"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788546","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788546"},{"reference_url":"https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544"},{"reference_url":"https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219"},{"reference_url":"http://www.securityfocus.com/bid/97544","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97544"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441226","reference_id":"1441226","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651","reference_id":"CVE-2017-5651","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651"},{"reference_url":"https://github.com/advisories/GHSA-9hg2-395j-83rm","reference_id":"GHSA-9hg2-395j-83rm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9hg2-395j-83rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/638?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v9zx-5ppt-qfbb"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M19"}],"aliases":["CVE-2017-5651","GHSA-9hg2-395j-83rm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urhx-sw6q-cqce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15813?format=json","vulnerability_id":"VCID-uyc3-3cnp-wqf3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41080","reference_id":"","reference_type":"","scores":[{"value":"0.11586","scoring_system":"epss","scoring_elements":"0.93829","published_at":"2026-06-12T12:55:00Z"},{"value":"0.11586","scoring_system":"epss","scoring_elements":"0.93836","published_at":"2026-06-14T12:55:00Z"},{"value":"0.11586","scoring_system":"epss","scoring_elements":"0.93808","published_at":"2026-06-11T12:55:00Z"},{"value":"0.11586","scoring_system":"epss","scoring_elements":"0.93833","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41080"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b"},{"reference_url":"https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b"},{"reference_url":"https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27"},{"reference_url":"https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41080","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41080"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230921-0006","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230921-0006"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235370","reference_id":"2235370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235370"},{"reference_url":"https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f","reference_id":"71wvwprtx2j2m54fovq9zr7gbm2wow2f","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/"}],"url":"https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080","reference_id":"CVE-2023-41080","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080"},{"reference_url":"https://github.com/advisories/GHSA-q3mw-pvr8-9ggc","reference_id":"GHSA-q3mw-pvr8-9ggc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3mw-pvr8-9ggc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5946","reference_id":"RHSA-2023:5946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7622","reference_id":"RHSA-2023:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7623","reference_id":"RHSA-2023:7623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7678","reference_id":"RHSA-2023:7678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0125","reference_id":"RHSA-2024:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0474","reference_id":"RHSA-2024:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1324","reference_id":"RHSA-2024:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1325","reference_id":"RHSA-2024:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4631","reference_id":"RHSA-2024:4631","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4631"},{"reference_url":"https://usn.ubuntu.com/7106-1/","reference_id":"USN-7106-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7106-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/519?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.80","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-1weg-s38v-nkh9"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-xuma-qnw9-8bb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.80"},{"url":"http://public2.vulnerablecode.io/api/packages/357?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-1weg-s38v-nkh9"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/273?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-1weg-s38v-nkh9"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bwh8-tmf1-8uac"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-n4qq-m1x3-qkbz"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vnfg-9em7-u7ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11"}],"aliases":["CVE-2023-41080","GHSA-q3mw-pvr8-9ggc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyc3-3cnp-wqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3924?format=json","vulnerability_id":"VCID-v9zx-5ppt-qfbb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7675.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7675.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7675","reference_id":"","reference_type":"","scores":[{"value":"0.03529","scoring_system":"epss","scoring_elements":"0.87969","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03529","scoring_system":"epss","scoring_elements":"0.87929","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03529","scoring_system":"epss","scoring_elements":"0.87975","published_at":"2026-06-14T12:55:00Z"},{"value":"0.03529","scoring_system":"epss","scoring_elements":"0.87976","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7675"},{"reference_url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=61120","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=61120"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat85/commit/dacb030b85fe0e0b3da87469e23d0f31252fdede","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/dacb030b85fe0e0b3da87469e23d0f31252fdede"},{"reference_url":"https://github.com/apache/tomcat/commit/cf181edc9a8c239cde704cffc3c503425bdcae2b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cf181edc9a8c239cde704cffc3c503425bdcae2b"},{"reference_url":"https://github.com/apache/tomcat/commit/dacb030b85fe0e0b3da87469e23d0f31252fdede","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/dacb030b85fe0e0b3da87469e23d0f31252fdede"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7675","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7675"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180614-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180614-0003/"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1796090","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1796090"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1796090","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1796090"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1796091","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1796091"},{"reference_url":"https://web.archive.org/web/20170929163331/http://www.securityfocus.com/bid/100256","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170929163331/http://www.securityfocus.com/bid/100256"},{"reference_url":"http://www.debian.org/security/2017/dsa-3974","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3974"},{"reference_url":"http://www.securityfocus.com/bid/100256","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100256"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480626","reference_id":"1480626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7675","reference_id":"CVE-2017-7675","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7675"},{"reference_url":"https://github.com/advisories/GHSA-68g5-8q7f-m384","reference_id":"GHSA-68g5-8q7f-m384","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68g5-8q7f-m384"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/627?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-19jz-k145-3bh6"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M22"}],"aliases":["CVE-2017-7675","GHSA-68g5-8q7f-m384"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9zx-5ppt-qfbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30392?format=json","vulnerability_id":"VCID-vvc7-62tw-2bhh","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5650.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5650.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5650","reference_id":"","reference_type":"","scores":[{"value":"0.12669","scoring_system":"epss","scoring_elements":"0.94164","published_at":"2026-06-13T12:55:00Z"},{"value":"0.12669","scoring_system":"epss","scoring_elements":"0.94138","published_at":"2026-06-11T12:55:00Z"},{"value":"0.12669","scoring_system":"epss","scoring_elements":"0.94158","published_at":"2026-06-12T12:55:00Z"},{"value":"0.12669","scoring_system":"epss","scoring_elements":"0.94165","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5650"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat85/commit/2cb9c724e6a2d15a5bc909c4bf1ab9dfc26fa362","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/2cb9c724e6a2d15a5bc909c4bf1ab9dfc26fa362"},{"reference_url":"https://github.com/apache/tomcat/commit/2cb9c724e6a2d15a5bc909c4bf1ab9dfc26fa362","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2cb9c724e6a2d15a5bc909c4bf1ab9dfc26fa362"},{"reference_url":"https://github.com/apache/tomcat/commit/5496e193a89b8b8b3177e516358df2f07ab852b3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5496e193a89b8b8b3177e516358df2f07ab852b3"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5650","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5650"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180614-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180614-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180614-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788460","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788460"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1788480","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1788480"},{"reference_url":"https://web.archive.org/web/20170417124144/http://www.securityfocus.com/bid/97531","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170417124144/http://www.securityfocus.com/bid/97531"},{"reference_url":"https://web.archive.org/web/20170906032952/http://www.securitytracker.com/id/1038217","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170906032952/http://www.securitytracker.com/id/1038217"},{"reference_url":"http://www.securityfocus.com/bid/97531","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97531"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441230","reference_id":"1441230","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1441230"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5650","reference_id":"CVE-2017-5650","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5650"},{"reference_url":"https://github.com/advisories/GHSA-9785-w233-x6hv","reference_id":"GHSA-9785-w233-x6hv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9785-w233-x6hv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/638?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v9zx-5ppt-qfbb"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M19"}],"aliases":["CVE-2017-5650","GHSA-9785-w233-x6hv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vvc7-62tw-2bhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5902?format=json","vulnerability_id":"VCID-w35j-v3r4-tqhu","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3929","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3931","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3931"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0199.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0199","reference_id":"","reference_type":"","scores":[{"value":"0.65581","scoring_system":"epss","scoring_elements":"0.98519","published_at":"2026-06-11T12:55:00Z"},{"value":"0.65581","scoring_system":"epss","scoring_elements":"0.98523","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0199"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/60a3af1738879ec06fac1ecb8a149608782f7cc9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/60a3af1738879ec06fac1ecb8a149608782f7cc9"},{"reference_url":"https://github.com/apache/tomcat/commit/a1cb1ac77e3a8fec1b00eb0e944842555da14f7d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/a1cb1ac77e3a8fec1b00eb0e944842555da14f7d"},{"reference_url":"https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c%40%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c%40%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/43","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Dec/43"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190419-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190419-0001"},{"reference_url":"https://support.f5.com/csp/article/K17321505","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K17321505"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852698","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852698"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852699","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852699"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852700","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852700"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852701","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852701"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852702","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852702"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852703","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852703"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852704","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852704"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852705","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852705"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852706","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852706"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852707","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852707"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852711","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852711"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852712","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852712"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852713","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852713"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852714","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852714"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852715","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852715"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852717","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852717"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852718","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852718"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852719","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852719"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852722","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852722"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852723","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852723"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1852724","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1852724"},{"reference_url":"https://web.archive.org/web/20200227030041/http://www.securityfocus.com/bid/107674","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227030041/http://www.securityfocus.com/bid/107674"},{"reference_url":"https://www.debian.org/security/2019/dsa-4596","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4596"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1693325","reference_id":"1693325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1693325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199","reference_id":"CVE-2019-0199","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0199","reference_id":"CVE-2019-0199","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0199"},{"reference_url":"https://github.com/advisories/GHSA-qcxh-w3j9-58qr","reference_id":"GHSA-qcxh-w3j9-58qr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcxh-w3j9-58qr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/606?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3977-sdws-euh4"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-4c8y-tn9d-v3d5"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9gs9-4vzf-uqbu"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.16"}],"aliases":["CVE-2019-0199","GHSA-qcxh-w3j9-58qr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w35j-v3r4-tqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18189?format=json","vulnerability_id":"VCID-yjb8-hdqu-4fe5","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21733","reference_id":"","reference_type":"","scores":[{"value":"0.70951","scoring_system":"epss","scoring_elements":"0.98732","published_at":"2026-06-13T12:55:00Z"},{"value":"0.70951","scoring_system":"epss","scoring_elements":"0.98731","published_at":"2026-06-12T12:55:00Z"},{"value":"0.70951","scoring_system":"epss","scoring_elements":"0.98726","published_at":"2026-06-11T12:55:00Z"},{"value":"0.70951","scoring_system":"epss","scoring_elements":"0.98733","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21733"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a"},{"reference_url":"https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240216-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240216-0005"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/19/2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/01/19/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259204","reference_id":"2259204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733","reference_id":"CVE-2024-21733","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21733","reference_id":"CVE-2024-21733","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21733"},{"reference_url":"https://github.com/advisories/GHSA-f4qf-m5gf-8jm8","reference_id":"GHSA-f4qf-m5gf-8jm8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f4qf-m5gf-8jm8"},{"reference_url":"https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz","reference_id":"h9bjqdd0odj6lhs2o96qgowcc6hb0cfz","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T16:09:11Z/"}],"url":"https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2707","reference_id":"RHSA-2024:2707","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2707"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3354","reference_id":"RHSA-2024:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3354"},{"reference_url":"https://usn.ubuntu.com/7562-1/","reference_id":"USN-7562-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7562-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/570?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2hmq-5245-jyaf"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-63vc-sc11-8kf1"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-bbye-dcrb-t3ev"},{"vulnerability":"VCID-dhxd-kknv-9qb7"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-dx14-ejnx-37ad"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-hvgr-azs4-qqac"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-ndb1-hdsw-v7fq"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vnfg-9em7-u7ee"},{"vulnerability":"VCID-x7wn-uamc-6bg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.44"}],"aliases":["CVE-2024-21733","GHSA-f4qf-m5gf-8jm8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjb8-hdqu-4fe5"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2009?format=json","vulnerability_id":"VCID-5hp9-mbcu-2bdt","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8745.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8745","reference_id":"","reference_type":"","scores":[{"value":"0.1091","scoring_system":"epss","scoring_elements":"0.93561","published_at":"2026-06-11T12:55:00Z"},{"value":"0.1091","scoring_system":"epss","scoring_elements":"0.93586","published_at":"2026-06-14T12:55:00Z"},{"value":"0.1091","scoring_system":"epss","scoring_elements":"0.93585","published_at":"2026-06-13T12:55:00Z"},{"value":"0.1091","scoring_system":"epss","scoring_elements":"0.93581","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8745"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/143bb466cf96a89e791b7db5626055ea819dad89","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/143bb466cf96a89e791b7db5626055ea819dad89"},{"reference_url":"https://github.com/apache/tomcat80/commit/3dd2fec73e0de1edc1d3eb1c52a01255fdfc84e7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/3dd2fec73e0de1edc1d3eb1c52a01255fdfc84e7"},{"reference_url":"https://github.com/apache/tomcat85/commit/16a57bc885e212839f1d717b94b01d154a36943a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat85/commit/16a57bc885e212839f1d717b94b01d154a36943a"},{"reference_url":"https://github.com/apache/tomcat/commit/143bb466cf96a89e791b7db5626055ea819dad89","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/143bb466cf96a89e791b7db5626055ea819dad89"},{"reference_url":"https://github.com/apache/tomcat/commit/16a57bc885e212839f1d717b94b01d154a36943a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/16a57bc885e212839f1d717b94b01d154a36943a"},{"reference_url":"https://github.com/apache/tomcat/commit/cbc9b18a845d3c8c053ac293dffda6c6c19dd92b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cbc9b18a845d3c8c053ac293dffda6c6c19dd92b"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8745","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8745"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180607-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180607-0002"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1771853","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1771853"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1771857","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1771857"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1777469","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1777469"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1777471","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1777471"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1777472","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1777472"},{"reference_url":"https://web.archive.org/web/20200227165932/http://www.securityfocus.com/bid/94828","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227165932/http://www.securityfocus.com/bid/94828"},{"reference_url":"https://web.archive.org/web/20200517114357/http://www.securitytracker.com/id/1037432","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517114357/http://www.securitytracker.com/id/1037432"},{"reference_url":"http://www.securitytracker.com/id/1037432","reference_id":"1037432","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"http://www.securitytracker.com/id/1037432"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1403824","reference_id":"1403824","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1403824"},{"reference_url":"https://security.gentoo.org/glsa/201705-09","reference_id":"201705-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://security.gentoo.org/glsa/201705-09"},{"reference_url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_id":"343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_id":"388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_id":"3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E","reference_id":"4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_id":"6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_id":"845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_id":"88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://www.securityfocus.com/bid/94828","reference_id":"94828","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"http://www.securityfocus.com/bid/94828"},{"reference_url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_id":"b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"cpuapr2018-3678067.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"cpuoct2017-3236626.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745","reference_id":"CVE-2016-8745","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745"},{"reference_url":"http://www.debian.org/security/2017/dsa-3754","reference_id":"dsa-3754","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"http://www.debian.org/security/2017/dsa-3754"},{"reference_url":"http://www.debian.org/security/2017/dsa-3755","reference_id":"dsa-3755","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"http://www.debian.org/security/2017/dsa-3755"},{"reference_url":"https://github.com/advisories/GHSA-w3j5-q8f2-3cqq","reference_id":"GHSA-w3j5-q8f2-3cqq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w3j5-q8f2-3cqq"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180607-0002/","reference_id":"ntap-20180607-0002","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180607-0002/"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_id":"r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_id":"r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0455","reference_id":"RHSA-2017:0455","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0456","reference_id":"RHSA-2017:0456","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:0456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0457","reference_id":"RHSA-2017:0457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0457"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html","reference_id":"RHSA-2017-0457.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0527","reference_id":"RHSA-2017:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0527"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0527.html","reference_id":"RHSA-2017-0527.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0527.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0935","reference_id":"RHSA-2017:0935","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-12T21:20:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:0935"},{"reference_url":"https://usn.ubuntu.com/3177-1/","reference_id":"USN-3177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3177-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1039?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@6.0.50","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/943?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.75","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-4c8y-tn9d-v3d5"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9gs9-4vzf-uqbu"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-d1px-uadx-vqdx"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-evws-hrsq-ybfw"},{"vulnerability":"VCID-ftu2-phtp-bqad"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-k11z-qhvd-9ugj"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-rwqs-mabh-17c9"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-x57v-g2md-7bbq"},{"vulnerability":"VCID-yg5s-2fsb-gub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.75"},{"url":"http://public2.vulnerablecode.io/api/packages/814?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-d1px-uadx-vqdx"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-evws-hrsq-ybfw"},{"vulnerability":"VCID-ftu2-phtp-bqad"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-rwqs-mabh-17c9"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-x57v-g2md-7bbq"},{"vulnerability":"VCID-yg5s-2fsb-gub2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.41"},{"url":"http://public2.vulnerablecode.io/api/packages/820?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3977-sdws-euh4"},{"vulnerability":"VCID-3kn9-yxww-ryh4"},{"vulnerability":"VCID-3nvd-d9qm-13ew"},{"vulnerability":"VCID-4c8y-tn9d-v3d5"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9gs9-4vzf-uqbu"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-d1px-uadx-vqdx"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-evws-hrsq-ybfw"},{"vulnerability":"VCID-ftu2-phtp-bqad"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-ht8m-9gxn-mkaa"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-k11z-qhvd-9ugj"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-nj9t-gdm3-6ycn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-r9fd-ndvw-ekfa"},{"vulnerability":"VCID-rwqs-mabh-17c9"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-tvrz-n2kd-pba4"},{"vulnerability":"VCID-urhx-sw6q-cqce"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v5zf-qfdq-kbbp"},{"vulnerability":"VCID-v9zx-5ppt-qfbb"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vvc7-62tw-2bhh"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-x57v-g2md-7bbq"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/642?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sq-3qm1-kqb2"},{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-3nvd-d9qm-13ew"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6kab-xsqw-37ed"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p4j1-xp15-t3b8"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-urhx-sw6q-cqce"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v9zx-5ppt-qfbb"},{"vulnerability":"VCID-vvc7-62tw-2bhh"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M15"}],"aliases":["CVE-2016-8745","GHSA-w3j5-q8f2-3cqq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hp9-mbcu-2bdt"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M15"}