Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.16
Typemaven
Namespaceorg.apache.tomcat.embed
Nametomcat-embed-core
Version10.1.16
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.1.54
Latest_non_vulnerable_version11.0.22
Affected_by_vulnerabilities
0
url VCID-18rb-u2tu-affk
vulnerability_id VCID-18rb-u2tu-affk
summary 
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100.

Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53506
reference_id
reference_type
scores
0
value 0.01247
scoring_system epss
scoring_elements 0.79664
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53506
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
5
reference_url https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
6
reference_url https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
7
reference_url https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T13:46:01Z/
url https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
8
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
9
reference_url http://www.openwall.com/lists/oss-security/2025/07/10/13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/07/10/13
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113
reference_id 1109113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114
reference_id 1109114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2379386
reference_id 2379386
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2379386
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
reference_id CVE-2025-53506
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53506
reference_id CVE-2025-53506
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53506
15
reference_url https://github.com/advisories/GHSA-25xr-qj8w-c4vf
reference_id GHSA-25xr-qj8w-c4vf
reference_type
scores
url https://github.com/advisories/GHSA-25xr-qj8w-c4vf
16
reference_url https://access.redhat.com/errata/RHSA-2025:11695
reference_id RHSA-2025:11695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11695
17
reference_url https://access.redhat.com/errata/RHSA-2025:11696
reference_id RHSA-2025:11696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11696
18
reference_url https://access.redhat.com/errata/RHSA-2025:11741
reference_id RHSA-2025:11741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11741
19
reference_url https://access.redhat.com/errata/RHSA-2025:11742
reference_id RHSA-2025:11742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11742
20
reference_url https://access.redhat.com/errata/RHSA-2025:14177
reference_id RHSA-2025:14177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14177
21
reference_url https://access.redhat.com/errata/RHSA-2025:14178
reference_id RHSA-2025:14178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14178
22
reference_url https://access.redhat.com/errata/RHSA-2025:14179
reference_id RHSA-2025:14179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14179
23
reference_url https://access.redhat.com/errata/RHSA-2025:14180
reference_id RHSA-2025:14180
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14180
24
reference_url https://access.redhat.com/errata/RHSA-2025:14181
reference_id RHSA-2025:14181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14181
25
reference_url https://access.redhat.com/errata/RHSA-2025:14182
reference_id RHSA-2025:14182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14182
26
reference_url https://access.redhat.com/errata/RHSA-2025:14183
reference_id RHSA-2025:14183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14183
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-5ebw-zerz-u7bh
2
vulnerability VCID-8qk1-ufax-eugz
3
vulnerability VCID-cugj-j48z-jub5
4
vulnerability VCID-d8re-94xd-nycp
5
vulnerability VCID-gw94-yyjd-17er
6
vulnerability VCID-kqng-d1f2-myg5
7
vulnerability VCID-nqgv-hbwa-d3en
8
vulnerability VCID-wcnj-bna8-7fh7
9
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qsf-yxnk-fqhy
1
vulnerability VCID-2s6w-bbfa-afb8
2
vulnerability VCID-5ebw-zerz-u7bh
3
vulnerability VCID-8qk1-ufax-eugz
4
vulnerability VCID-cugj-j48z-jub5
5
vulnerability VCID-d8re-94xd-nycp
6
vulnerability VCID-gw94-yyjd-17er
7
vulnerability VCID-kqng-d1f2-myg5
8
vulnerability VCID-nqgv-hbwa-d3en
9
vulnerability VCID-wcnj-bna8-7fh7
10
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
aliases CVE-2025-53506, GHSA-25xr-qj8w-c4vf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18rb-u2tu-affk
1
url VCID-2s6w-bbfa-afb8
vulnerability_id VCID-2s6w-bbfa-afb8
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34483
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.21014
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34483
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68
5
reference_url https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06
6
reference_url https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc
7
reference_url https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:16:32Z/
url https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34483
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34483
9
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/26
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/26
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457044
reference_id 2457044
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457044
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483
reference_id CVE-2026-34483
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483
14
reference_url https://github.com/advisories/GHSA-rv64-5gf8-9qq8
reference_id GHSA-rv64-5gf8-9qq8
reference_type
scores
url https://github.com/advisories/GHSA-rv64-5gf8-9qq8
15
reference_url https://access.redhat.com/errata/RHSA-2026:20405
reference_id RHSA-2026:20405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20405
16
reference_url https://access.redhat.com/errata/RHSA-2026:20406
reference_id RHSA-2026:20406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20406
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.54
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.54
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.54
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.21
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.21
aliases CVE-2026-34483, GHSA-rv64-5gf8-9qq8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6w-bbfa-afb8
2
url VCID-5ebw-zerz-u7bh
vulnerability_id VCID-5ebw-zerz-u7bh
summary 
Apache Tomcat Improper Resource Shutdown or Release vulnerability
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.

Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48989.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48989.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48989
reference_id
reference_type
scores
0
value 0.01022
scoring_system epss
scoring_elements 0.77613
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48989
2
reference_url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
5
reference_url https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255
6
reference_url https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06
7
reference_url https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf
8
reference_url https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T18:37:15Z/
url https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf
9
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
10
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
11
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
12
reference_url https://www.kb.cert.org/vuls/id/767506
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/767506
13
reference_url http://www.openwall.com/lists/oss-security/2025/08/13/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/13/2
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111096
reference_id 1111096
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111096
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111097
reference_id 1111097
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111097
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2373309
reference_id 2373309
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2373309
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989
reference_id CVE-2025-48989
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48989
reference_id CVE-2025-48989
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48989
19
reference_url https://github.com/advisories/GHSA-gqp3-2cvr-x8m3
reference_id GHSA-gqp3-2cvr-x8m3
reference_type
scores
url https://github.com/advisories/GHSA-gqp3-2cvr-x8m3
20
reference_url https://access.redhat.com/errata/RHSA-2025:13685
reference_id RHSA-2025:13685
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13685
21
reference_url https://access.redhat.com/errata/RHSA-2025:13686
reference_id RHSA-2025:13686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13686
22
reference_url https://access.redhat.com/errata/RHSA-2025:14177
reference_id RHSA-2025:14177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14177
23
reference_url https://access.redhat.com/errata/RHSA-2025:14178
reference_id RHSA-2025:14178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14178
24
reference_url https://access.redhat.com/errata/RHSA-2025:14179
reference_id RHSA-2025:14179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14179
25
reference_url https://access.redhat.com/errata/RHSA-2025:14180
reference_id RHSA-2025:14180
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14180
26
reference_url https://access.redhat.com/errata/RHSA-2025:14181
reference_id RHSA-2025:14181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14181
27
reference_url https://access.redhat.com/errata/RHSA-2025:14182
reference_id RHSA-2025:14182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14182
28
reference_url https://access.redhat.com/errata/RHSA-2025:14183
reference_id RHSA-2025:14183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14183
29
reference_url https://access.redhat.com/errata/RHSA-2025:22924
reference_id RHSA-2025:22924
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22924
30
reference_url https://access.redhat.com/errata/RHSA-2025:22925
reference_id RHSA-2025:22925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22925
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.44
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-8qk1-ufax-eugz
2
vulnerability VCID-cugj-j48z-jub5
3
vulnerability VCID-d8re-94xd-nycp
4
vulnerability VCID-gw94-yyjd-17er
5
vulnerability VCID-kqng-d1f2-myg5
6
vulnerability VCID-nqgv-hbwa-d3en
7
vulnerability VCID-wcnj-bna8-7fh7
8
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.44
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.10
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qsf-yxnk-fqhy
1
vulnerability VCID-2s6w-bbfa-afb8
2
vulnerability VCID-8qk1-ufax-eugz
3
vulnerability VCID-cugj-j48z-jub5
4
vulnerability VCID-d8re-94xd-nycp
5
vulnerability VCID-gw94-yyjd-17er
6
vulnerability VCID-kqng-d1f2-myg5
7
vulnerability VCID-nqgv-hbwa-d3en
8
vulnerability VCID-wcnj-bna8-7fh7
9
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.10
aliases CVE-2025-48989, GHSA-gqp3-2cvr-x8m3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ebw-zerz-u7bh
3
url VCID-8qk1-ufax-eugz
vulnerability_id VCID-8qk1-ufax-eugz
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29145
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08602
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29145
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b
5
reference_url https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b
6
reference_url https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90
7
reference_url https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:10:50Z/
url https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29145
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29145
9
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53
10
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20
11
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
12
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/23
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/23
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457037
reference_id 2457037
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457037
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145
reference_id CVE-2026-29145
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145
17
reference_url https://github.com/advisories/GHSA-95jq-rwvf-vjx4
reference_id GHSA-95jq-rwvf-vjx4
reference_type
scores
url https://github.com/advisories/GHSA-95jq-rwvf-vjx4
18
reference_url https://access.redhat.com/errata/RHSA-2026:20405
reference_id RHSA-2026:20405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20405
19
reference_url https://access.redhat.com/errata/RHSA-2026:20406
reference_id RHSA-2026:20406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20406
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.53
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.53
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-nqgv-hbwa-d3en
2
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.53
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-nqgv-hbwa-d3en
2
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20
aliases CVE-2026-29145, GHSA-95jq-rwvf-vjx4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qk1-ufax-eugz
4
url VCID-cugj-j48z-jub5
vulnerability_id VCID-cugj-j48z-jub5
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24880
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.38946
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24880
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a
5
reference_url https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb
6
reference_url https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5
7
reference_url https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c
8
reference_url https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522
9
reference_url https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552
10
reference_url https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/
url https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24880
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24880
12
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53
13
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20
14
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
15
reference_url https://www.herodevs.com/vulnerability-directory/cve-2026-24880
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.herodevs.com/vulnerability-directory/cve-2026-24880
16
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/20
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457040
reference_id 2457040
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457040
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880
reference_id CVE-2026-24880
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880
21
reference_url https://github.com/advisories/GHSA-563x-q5rq-57qp
reference_id GHSA-563x-q5rq-57qp
reference_type
scores
url https://github.com/advisories/GHSA-563x-q5rq-57qp
22
reference_url https://access.redhat.com/errata/RHSA-2026:20405
reference_id RHSA-2026:20405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20405
23
reference_url https://access.redhat.com/errata/RHSA-2026:20406
reference_id RHSA-2026:20406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20406
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.52
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.52
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qsf-yxnk-fqhy
1
vulnerability VCID-2s6w-bbfa-afb8
2
vulnerability VCID-8qk1-ufax-eugz
3
vulnerability VCID-gw94-yyjd-17er
4
vulnerability VCID-j493-xan3-myfm
5
vulnerability VCID-nqgv-hbwa-d3en
6
vulnerability VCID-nsp7-e9m6-juhv
7
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.52
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-nqgv-hbwa-d3en
2
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20
aliases CVE-2026-24880, GHSA-563x-q5rq-57qp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cugj-j48z-jub5
5
url VCID-d8re-94xd-nycp
vulnerability_id VCID-d8re-94xd-nycp
summary 
Apache Tomcat Vulnerable to Relative Path Traversal
The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.



This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.

The following versions were EOL at the time the CVE was created but are  known to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55752
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.51089
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55752
2
reference_url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
5
reference_url https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06
6
reference_url https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df
7
reference_url https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a
8
reference_url https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T03:56:06Z/
url https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog
9
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45
10
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11
11
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109
12
reference_url http://www.openwall.com/lists/oss-security/2025/10/27/4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/10/27/4
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406591
reference_id 2406591
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2406591
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752
reference_id CVE-2025-55752
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55752
reference_id CVE-2025-55752
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55752
16
reference_url https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability
reference_id CVE-2025-55752-DETECT-APACHE-TOMCAT-VULNERABILITY
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability
17
reference_url https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability
reference_id CVE-2025-55752-MITIGATE-APACHE-TOMCAT-VULNERABILITY
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability
18
reference_url https://github.com/advisories/GHSA-wmwf-9ccg-fff5
reference_id GHSA-wmwf-9ccg-fff5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wmwf-9ccg-fff5
19
reference_url https://access.redhat.com/errata/RHSA-2025:19809
reference_id RHSA-2025:19809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19809
20
reference_url https://access.redhat.com/errata/RHSA-2025:19810
reference_id RHSA-2025:19810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19810
21
reference_url https://access.redhat.com/errata/RHSA-2025:22924
reference_id RHSA-2025:22924
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22924
22
reference_url https://access.redhat.com/errata/RHSA-2025:22925
reference_id RHSA-2025:22925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22925
23
reference_url https://access.redhat.com/errata/RHSA-2025:23044
reference_id RHSA-2025:23044
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23044
24
reference_url https://access.redhat.com/errata/RHSA-2025:23045
reference_id RHSA-2025:23045
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23045
25
reference_url https://access.redhat.com/errata/RHSA-2025:23046
reference_id RHSA-2025:23046
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23046
26
reference_url https://access.redhat.com/errata/RHSA-2025:23047
reference_id RHSA-2025:23047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23047
27
reference_url https://access.redhat.com/errata/RHSA-2025:23048
reference_id RHSA-2025:23048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23048
28
reference_url https://access.redhat.com/errata/RHSA-2025:23049
reference_id RHSA-2025:23049
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23049
29
reference_url https://access.redhat.com/errata/RHSA-2025:23050
reference_id RHSA-2025:23050
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23050
30
reference_url https://access.redhat.com/errata/RHSA-2025:23051
reference_id RHSA-2025:23051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23051
31
reference_url https://access.redhat.com/errata/RHSA-2025:23052
reference_id RHSA-2025:23052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23052
32
reference_url https://access.redhat.com/errata/RHSA-2025:23053
reference_id RHSA-2025:23053
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23053
33
reference_url https://access.redhat.com/errata/RHSA-2025:23225
reference_id RHSA-2025:23225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23225
34
reference_url https://access.redhat.com/errata/RHSA-2026:0292
reference_id RHSA-2026:0292
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0292
35
reference_url https://access.redhat.com/errata/RHSA-2026:0293
reference_id RHSA-2026:0293
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0293
36
reference_url https://access.redhat.com/errata/RHSA-2026:2724
reference_id RHSA-2026:2724
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2724
37
reference_url https://access.redhat.com/errata/RHSA-2026:2725
reference_id RHSA-2026:2725
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2725
38
reference_url https://access.redhat.com/errata/RHSA-2026:2726
reference_id RHSA-2026:2726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2726
39
reference_url https://access.redhat.com/errata/RHSA-2026:6569
reference_id RHSA-2026:6569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6569
40
reference_url https://access.redhat.com/errata/RHSA-2026:8334
reference_id RHSA-2026:8334
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8334
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.45
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-8qk1-ufax-eugz
2
vulnerability VCID-cugj-j48z-jub5
3
vulnerability VCID-gw94-yyjd-17er
4
vulnerability VCID-kqng-d1f2-myg5
5
vulnerability VCID-nqgv-hbwa-d3en
6
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.45
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.11
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qsf-yxnk-fqhy
1
vulnerability VCID-2s6w-bbfa-afb8
2
vulnerability VCID-8qk1-ufax-eugz
3
vulnerability VCID-cugj-j48z-jub5
4
vulnerability VCID-gw94-yyjd-17er
5
vulnerability VCID-kqng-d1f2-myg5
6
vulnerability VCID-nqgv-hbwa-d3en
7
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.11
aliases CVE-2025-55752, GHSA-wmwf-9ccg-fff5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8re-94xd-nycp
6
url VCID-gw94-yyjd-17er
vulnerability_id VCID-gw94-yyjd-17er
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25854
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.1023
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25854
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695
5
reference_url https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2
6
reference_url https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0
7
reference_url https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/
url https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25854
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25854
9
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/21
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/21
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457039
reference_id 2457039
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457039
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854
reference_id CVE-2026-25854
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854
14
reference_url https://github.com/advisories/GHSA-9m3c-qcxr-9x87
reference_id GHSA-9m3c-qcxr-9x87
reference_type
scores
url https://github.com/advisories/GHSA-9m3c-qcxr-9x87
15
reference_url https://access.redhat.com/errata/RHSA-2026:20405
reference_id RHSA-2026:20405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20405
16
reference_url https://access.redhat.com/errata/RHSA-2026:20406
reference_id RHSA-2026:20406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20406
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.53
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.53
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-nqgv-hbwa-d3en
2
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.53
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-nqgv-hbwa-d3en
2
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.20
aliases CVE-2026-25854, GHSA-9m3c-qcxr-9x87
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gw94-yyjd-17er
7
url VCID-j66a-6et3-mfha
vulnerability_id VCID-j66a-6et3-mfha
summary 
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24549
reference_id
reference_type
scores
0
value 0.6439
scoring_system epss
scoring_elements 0.98467
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24549
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
5
reference_url https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
6
reference_url https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
7
reference_url https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
8
reference_url https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/
url https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
9
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
12
reference_url https://security.netapp.com/advisory/ntap-20240402-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240402-0002
13
reference_url http://www.openwall.com/lists/oss-security/2024/03/13/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/03/13/3
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878
reference_id 1066878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2269607
reference_id 2269607
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2269607
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
reference_id CVE-2024-24549
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24549
reference_id CVE-2024-24549
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24549
18
reference_url https://github.com/advisories/GHSA-7w75-32cg-r6g2
reference_id GHSA-7w75-32cg-r6g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7w75-32cg-r6g2
19
reference_url https://access.redhat.com/errata/RHSA-2024:1318
reference_id RHSA-2024:1318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1318
20
reference_url https://access.redhat.com/errata/RHSA-2024:1319
reference_id RHSA-2024:1319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1319
21
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
22
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
23
reference_url https://access.redhat.com/errata/RHSA-2024:3307
reference_id RHSA-2024:3307
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3307
24
reference_url https://access.redhat.com/errata/RHSA-2024:3308
reference_id RHSA-2024:3308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3308
25
reference_url https://access.redhat.com/errata/RHSA-2024:3666
reference_id RHSA-2024:3666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3666
26
reference_url https://access.redhat.com/errata/RHSA-2024:3814
reference_id RHSA-2024:3814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3814
27
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18rb-u2tu-affk
1
vulnerability VCID-2s6w-bbfa-afb8
2
vulnerability VCID-5ebw-zerz-u7bh
3
vulnerability VCID-8qk1-ufax-eugz
4
vulnerability VCID-cugj-j48z-jub5
5
vulnerability VCID-d8re-94xd-nycp
6
vulnerability VCID-gw94-yyjd-17er
7
vulnerability VCID-kqng-d1f2-myg5
8
vulnerability VCID-nqgv-hbwa-d3en
9
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18rb-u2tu-affk
1
vulnerability VCID-1qsf-yxnk-fqhy
2
vulnerability VCID-2s6w-bbfa-afb8
3
vulnerability VCID-5ebw-zerz-u7bh
4
vulnerability VCID-8qk1-ufax-eugz
5
vulnerability VCID-cugj-j48z-jub5
6
vulnerability VCID-d8re-94xd-nycp
7
vulnerability VCID-gw94-yyjd-17er
8
vulnerability VCID-kqng-d1f2-myg5
9
vulnerability VCID-nqgv-hbwa-d3en
10
vulnerability VCID-paqj-ye46-8bdb
11
vulnerability VCID-wcnj-bna8-7fh7
12
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
aliases CVE-2024-24549, GHSA-7w75-32cg-r6g2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j66a-6et3-mfha
8
url VCID-kqng-d1f2-myg5
vulnerability_id VCID-kqng-d1f2-myg5
summary 
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.

The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61795
reference_id
reference_type
scores
0
value 0.00129
scoring_system epss
scoring_elements 0.31983
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61795
2
reference_url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
5
reference_url https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06
6
reference_url https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0
7
reference_url https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b
8
reference_url https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T18:48:52Z/
url https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp
9
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47
10
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12
11
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110
12
reference_url http://www.openwall.com/lists/oss-security/2025/10/27/6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/10/27/6
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293
reference_id 1119293
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294
reference_id 1119294
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406588
reference_id 2406588
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2406588
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795
reference_id CVE-2025-61795
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61795
reference_id CVE-2025-61795
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61795
18
reference_url https://github.com/advisories/GHSA-hgrr-935x-pq79
reference_id GHSA-hgrr-935x-pq79
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgrr-935x-pq79
19
reference_url https://access.redhat.com/errata/RHSA-2025:19809
reference_id RHSA-2025:19809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19809
20
reference_url https://access.redhat.com/errata/RHSA-2025:19810
reference_id RHSA-2025:19810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19810
21
reference_url https://access.redhat.com/errata/RHSA-2025:23050
reference_id RHSA-2025:23050
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23050
22
reference_url https://access.redhat.com/errata/RHSA-2025:23051
reference_id RHSA-2025:23051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23051
23
reference_url https://access.redhat.com/errata/RHSA-2026:6569
reference_id RHSA-2026:6569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6569
24
reference_url https://access.redhat.com/errata/RHSA-2026:8334
reference_id RHSA-2026:8334
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8334
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-8qk1-ufax-eugz
2
vulnerability VCID-cugj-j48z-jub5
3
vulnerability VCID-gw94-yyjd-17er
4
vulnerability VCID-nqgv-hbwa-d3en
5
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qsf-yxnk-fqhy
1
vulnerability VCID-2s6w-bbfa-afb8
2
vulnerability VCID-8qk1-ufax-eugz
3
vulnerability VCID-cugj-j48z-jub5
4
vulnerability VCID-gw94-yyjd-17er
5
vulnerability VCID-nqgv-hbwa-d3en
6
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12
aliases CVE-2025-61795, GHSA-hgrr-935x-pq79
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqng-d1f2-myg5
9
url VCID-nqgv-hbwa-d3en
vulnerability_id VCID-nqgv-hbwa-d3en
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34487
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.22253
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34487
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150
5
reference_url https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d
6
reference_url https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976
7
reference_url https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:47:28Z/
url https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34487
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34487
9
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/28
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/28
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457038
reference_id 2457038
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457038
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487
reference_id CVE-2026-34487
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487
14
reference_url https://github.com/advisories/GHSA-x4m4-345f-5h5g
reference_id GHSA-x4m4-345f-5h5g
reference_type
scores
url https://github.com/advisories/GHSA-x4m4-345f-5h5g
15
reference_url https://access.redhat.com/errata/RHSA-2026:20405
reference_id RHSA-2026:20405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20405
16
reference_url https://access.redhat.com/errata/RHSA-2026:20406
reference_id RHSA-2026:20406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20406
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.54
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.54
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.54
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.21
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.21
aliases CVE-2026-34487, GHSA-x4m4-345f-5h5g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqgv-hbwa-d3en
10
url VCID-wcnj-bna8-7fh7
vulnerability_id VCID-wcnj-bna8-7fh7
summary 
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.



This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.

The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55754
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33182
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55754
2
reference_url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-032379.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
5
reference_url https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2
6
reference_url https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb
7
reference_url https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5
8
reference_url https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:55Z/
url https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd
9
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45
10
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11
11
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109
12
reference_url http://www.openwall.com/lists/oss-security/2025/10/27/5
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/10/27/5
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406590
reference_id 2406590
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2406590
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754
reference_id CVE-2025-55754
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55754
reference_id CVE-2025-55754
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55754
16
reference_url https://github.com/advisories/GHSA-vfww-5hm6-hx2j
reference_id GHSA-vfww-5hm6-hx2j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfww-5hm6-hx2j
17
reference_url https://access.redhat.com/errata/RHSA-2026:18536
reference_id RHSA-2026:18536
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:18536
18
reference_url https://access.redhat.com/errata/RHSA-2026:18537
reference_id RHSA-2026:18537
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:18537
19
reference_url https://access.redhat.com/errata/RHSA-2026:18916
reference_id RHSA-2026:18916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:18916
20
reference_url https://access.redhat.com/errata/RHSA-2026:2740
reference_id RHSA-2026:2740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2740
21
reference_url https://access.redhat.com/errata/RHSA-2026:2741
reference_id RHSA-2026:2741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2741
22
reference_url https://access.redhat.com/errata/RHSA-2026:6569
reference_id RHSA-2026:6569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6569
23
reference_url https://access.redhat.com/errata/RHSA-2026:8334
reference_id RHSA-2026:8334
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8334
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.45
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6w-bbfa-afb8
1
vulnerability VCID-8qk1-ufax-eugz
2
vulnerability VCID-cugj-j48z-jub5
3
vulnerability VCID-gw94-yyjd-17er
4
vulnerability VCID-kqng-d1f2-myg5
5
vulnerability VCID-nqgv-hbwa-d3en
6
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.45
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.11
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qsf-yxnk-fqhy
1
vulnerability VCID-2s6w-bbfa-afb8
2
vulnerability VCID-8qk1-ufax-eugz
3
vulnerability VCID-cugj-j48z-jub5
4
vulnerability VCID-gw94-yyjd-17er
5
vulnerability VCID-kqng-d1f2-myg5
6
vulnerability VCID-nqgv-hbwa-d3en
7
vulnerability VCID-z8df-aq4y-ubet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.11
aliases CVE-2025-55754, GHSA-vfww-5hm6-hx2j
risk_score 4.3
exploitability 0.5
weighted_severity 8.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wcnj-bna8-7fh7
Fixing_vulnerabilities
0
url VCID-zba8-2zc4-9qfh
vulnerability_id VCID-zba8-2zc4-9qfh
summary 
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 does not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single 
request as multiple requests leading to the possibility of request 
smuggling when behind a reverse proxy.

Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46589
reference_id
reference_type
scores
0
value 0.53163
scoring_system epss
scoring_elements 0.9802
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46589
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
5
reference_url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
6
reference_url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
7
reference_url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
8
reference_url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/
url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
9
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
10
reference_url https://security.netapp.com/advisory/ntap-20231214-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0009
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
14
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
15
reference_url https://www.openwall.com/lists/oss-security/2023/11/28/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/
url https://www.openwall.com/lists/oss-security/2023/11/28/2
16
reference_url http://www.openwall.com/lists/oss-security/2023/11/28/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/28/2
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
reference_id 1057082
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252050
reference_id 2252050
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252050
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
reference_id CVE-2023-46589
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
reference_id CVE-2023-46589
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
21
reference_url https://github.com/advisories/GHSA-fccv-jmmp-qg76
reference_id GHSA-fccv-jmmp-qg76
reference_type
scores
url https://github.com/advisories/GHSA-fccv-jmmp-qg76
22
reference_url https://access.redhat.com/errata/RHSA-2024:0532
reference_id RHSA-2024:0532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0532
23
reference_url https://access.redhat.com/errata/RHSA-2024:0539
reference_id RHSA-2024:0539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0539
24
reference_url https://access.redhat.com/errata/RHSA-2024:1092
reference_id RHSA-2024:1092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1092
25
reference_url https://access.redhat.com/errata/RHSA-2024:1134
reference_id RHSA-2024:1134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1134
26
reference_url https://access.redhat.com/errata/RHSA-2024:1318
reference_id RHSA-2024:1318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1318
27
reference_url https://access.redhat.com/errata/RHSA-2024:1319
reference_id RHSA-2024:1319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1319
28
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
29
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
30
reference_url https://usn.ubuntu.com/7032-1/
reference_id USN-7032-1
reference_type
scores
url https://usn.ubuntu.com/7032-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.96
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.96
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18rb-u2tu-affk
1
vulnerability VCID-cugj-j48z-jub5
2
vulnerability VCID-d8re-94xd-nycp
3
vulnerability VCID-gw94-yyjd-17er
4
vulnerability VCID-j66a-6et3-mfha
5
vulnerability VCID-kqng-d1f2-myg5
6
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.96
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18rb-u2tu-affk
1
vulnerability VCID-1qsf-yxnk-fqhy
2
vulnerability VCID-2s6w-bbfa-afb8
3
vulnerability VCID-5ebw-zerz-u7bh
4
vulnerability VCID-8qk1-ufax-eugz
5
vulnerability VCID-cugj-j48z-jub5
6
vulnerability VCID-d8re-94xd-nycp
7
vulnerability VCID-gw94-yyjd-17er
8
vulnerability VCID-j66a-6et3-mfha
9
vulnerability VCID-kqng-d1f2-myg5
10
vulnerability VCID-nqgv-hbwa-d3en
11
vulnerability VCID-s93z-rmw7-5bcw
12
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.16
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18rb-u2tu-affk
1
vulnerability VCID-2s6w-bbfa-afb8
2
vulnerability VCID-5ebw-zerz-u7bh
3
vulnerability VCID-8qk1-ufax-eugz
4
vulnerability VCID-cugj-j48z-jub5
5
vulnerability VCID-d8re-94xd-nycp
6
vulnerability VCID-gw94-yyjd-17er
7
vulnerability VCID-j66a-6et3-mfha
8
vulnerability VCID-kqng-d1f2-myg5
9
vulnerability VCID-nqgv-hbwa-d3en
10
vulnerability VCID-wcnj-bna8-7fh7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.16
3
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18rb-u2tu-affk
1
vulnerability VCID-1qsf-yxnk-fqhy
2
vulnerability VCID-2s6w-bbfa-afb8
3
vulnerability VCID-5ebw-zerz-u7bh
4
vulnerability VCID-8qk1-ufax-eugz
5
vulnerability VCID-cugj-j48z-jub5
6
vulnerability VCID-d8re-94xd-nycp
7
vulnerability VCID-gw94-yyjd-17er
8
vulnerability VCID-j66a-6et3-mfha
9
vulnerability VCID-kqng-d1f2-myg5
10
vulnerability VCID-nqgv-hbwa-d3en
11
vulnerability VCID-paqj-ye46-8bdb
12
vulnerability VCID-wcnj-bna8-7fh7
13
vulnerability VCID-y4a2-mamb-yqg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
aliases CVE-2023-46589, GHSA-fccv-jmmp-qg76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zba8-2zc4-9qfh
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.16