Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.83
Typemaven
Namespaceorg.apache.tomcat.embed
Nametomcat-embed-core
Version8.5.83
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.0.107
Latest_non_vulnerable_version11.0.21
Affected_by_vulnerabilities
0
url VCID-fpgj-82wf-ykbw
vulnerability_id VCID-fpgj-82wf-ykbw
summary 
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.
The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53506
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.5542
published_at 2026-04-02T12:55:00Z
1
value 0.00324
scoring_system epss
scoring_elements 0.55445
published_at 2026-04-04T12:55:00Z
2
value 0.00429
scoring_system epss
scoring_elements 0.62511
published_at 2026-04-11T12:55:00Z
3
value 0.00429
scoring_system epss
scoring_elements 0.62492
published_at 2026-04-09T12:55:00Z
4
value 0.00429
scoring_system epss
scoring_elements 0.62476
published_at 2026-04-08T12:55:00Z
5
value 0.00429
scoring_system epss
scoring_elements 0.62425
published_at 2026-04-07T12:55:00Z
6
value 0.00429
scoring_system epss
scoring_elements 0.62478
published_at 2026-04-13T12:55:00Z
7
value 0.00429
scoring_system epss
scoring_elements 0.625
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53506
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
5
reference_url https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
6
reference_url https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b
7
reference_url https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T13:46:01Z/
url https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
8
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53506
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53506
10
reference_url http://www.openwall.com/lists/oss-security/2025/07/10/13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/07/10/13
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113
reference_id 1109113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114
reference_id 1109114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2379386
reference_id 2379386
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2379386
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
reference_id CVE-2025-53506
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
15
reference_url https://github.com/advisories/GHSA-25xr-qj8w-c4vf
reference_id GHSA-25xr-qj8w-c4vf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-25xr-qj8w-c4vf
16
reference_url https://access.redhat.com/errata/RHSA-2025:11695
reference_id RHSA-2025:11695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11695
17
reference_url https://access.redhat.com/errata/RHSA-2025:11696
reference_id RHSA-2025:11696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11696
18
reference_url https://access.redhat.com/errata/RHSA-2025:11741
reference_id RHSA-2025:11741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11741
19
reference_url https://access.redhat.com/errata/RHSA-2025:11742
reference_id RHSA-2025:11742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11742
20
reference_url https://access.redhat.com/errata/RHSA-2025:14177
reference_id RHSA-2025:14177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14177
21
reference_url https://access.redhat.com/errata/RHSA-2025:14178
reference_id RHSA-2025:14178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14178
22
reference_url https://access.redhat.com/errata/RHSA-2025:14179
reference_id RHSA-2025:14179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14179
23
reference_url https://access.redhat.com/errata/RHSA-2025:14180
reference_id RHSA-2025:14180
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14180
24
reference_url https://access.redhat.com/errata/RHSA-2025:14181
reference_id RHSA-2025:14181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14181
25
reference_url https://access.redhat.com/errata/RHSA-2025:14182
reference_id RHSA-2025:14182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14182
26
reference_url https://access.redhat.com/errata/RHSA-2025:14183
reference_id RHSA-2025:14183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14183
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.107
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.107
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.107
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.43
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.9
aliases CVE-2025-53506, GHSA-25xr-qj8w-c4vf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpgj-82wf-ykbw
1
url VCID-j6cj-ftyd-3ffa
vulnerability_id VCID-j6cj-ftyd-3ffa
summary 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
Older, EOL versions may also be affected.


The vulnerability is limited to the ROOT (default) web application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41080.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
reference_id
reference_type
scores
0
value 0.11586
scoring_system epss
scoring_elements 0.93643
published_at 2026-04-13T12:55:00Z
1
value 0.11586
scoring_system epss
scoring_elements 0.93642
published_at 2026-04-12T12:55:00Z
2
value 0.11586
scoring_system epss
scoring_elements 0.93637
published_at 2026-04-09T12:55:00Z
3
value 0.11586
scoring_system epss
scoring_elements 0.93635
published_at 2026-04-08T12:55:00Z
4
value 0.11586
scoring_system epss
scoring_elements 0.93626
published_at 2026-04-07T12:55:00Z
5
value 0.13662
scoring_system epss
scoring_elements 0.94234
published_at 2026-04-04T12:55:00Z
6
value 0.13662
scoring_system epss
scoring_elements 0.94222
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41080
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b
5
reference_url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b
6
reference_url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27
7
reference_url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
8
reference_url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:42:58Z/
url https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
10
reference_url https://security.netapp.com/advisory/ntap-20230921-0006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230921-0006
11
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5521
12
reference_url https://www.debian.org/security/2023/dsa-5522
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5522
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
reference_id 2235370
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235370
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
reference_id CVE-2023-41080
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41080
16
reference_url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
reference_id GHSA-q3mw-pvr8-9ggc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3mw-pvr8-9ggc
17
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
18
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
19
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
20
reference_url https://access.redhat.com/errata/RHSA-2023:7678
reference_id RHSA-2023:7678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7678
21
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
22
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
23
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
24
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
25
reference_url https://access.redhat.com/errata/RHSA-2024:4631
reference_id RHSA-2024:4631
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4631
26
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kcx-vptm-zbds
1
vulnerability VCID-fpgj-82wf-ykbw
2
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.93
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kcx-vptm-zbds
1
vulnerability VCID-fpgj-82wf-ykbw
2
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.80
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.13
3
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-v7tp-1t4h-zqeg
2
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M11
aliases CVE-2023-41080, GHSA-q3mw-pvr8-9ggc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6cj-ftyd-3ffa
2
url VCID-stds-vw5z-auhp
vulnerability_id VCID-stds-vw5z-auhp
summary The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45143.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45143.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45143
reference_id
reference_type
scores
0
value 0.00819
scoring_system epss
scoring_elements 0.74365
published_at 2026-04-13T12:55:00Z
1
value 0.00819
scoring_system epss
scoring_elements 0.74373
published_at 2026-04-12T12:55:00Z
2
value 0.00819
scoring_system epss
scoring_elements 0.74393
published_at 2026-04-11T12:55:00Z
3
value 0.00819
scoring_system epss
scoring_elements 0.74372
published_at 2026-04-09T12:55:00Z
4
value 0.00819
scoring_system epss
scoring_elements 0.74357
published_at 2026-04-08T12:55:00Z
5
value 0.00819
scoring_system epss
scoring_elements 0.74351
published_at 2026-04-04T12:55:00Z
6
value 0.00819
scoring_system epss
scoring_elements 0.74324
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45143
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf
5
reference_url https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa
6
reference_url https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e
7
reference_url https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:55:21Z/
url https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45143
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45143
9
reference_url https://security.gentoo.org/glsa/202305-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:55:21Z/
url https://security.gentoo.org/glsa/202305-37
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158695
reference_id 2158695
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2158695
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143
reference_id CVE-2022-45143
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143
12
reference_url https://github.com/advisories/GHSA-rq2w-37h9-vg94
reference_id GHSA-rq2w-37h9-vg94
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rq2w-37h9-vg94
13
reference_url https://access.redhat.com/errata/RHSA-2023:1663
reference_id RHSA-2023:1663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1663
14
reference_url https://access.redhat.com/errata/RHSA-2023:1664
reference_id RHSA-2023:1664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1664
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.84
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.84
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-j6cj-ftyd-3ffa
2
vulnerability VCID-v7tp-1t4h-zqeg
3
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.84
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.69
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.69
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-j6cj-ftyd-3ffa
2
vulnerability VCID-v7tp-1t4h-zqeg
3
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.69
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.2
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-j6cj-ftyd-3ffa
2
vulnerability VCID-v7tp-1t4h-zqeg
3
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.2
aliases CVE-2022-45143, GHSA-rq2w-37h9-vg94
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stds-vw5z-auhp
3
url VCID-v7tp-1t4h-zqeg
vulnerability_id VCID-v7tp-1t4h-zqeg
summary 
When using the RemoteIpFilter with requests received from a    reverse proxy via HTTP that include the X-Forwarded-Proto    header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

Older, EOL versions may also be affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28708
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.2509
published_at 2026-04-02T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.24972
published_at 2026-04-08T12:55:00Z
2
value 0.00087
scoring_system epss
scoring_elements 0.24903
published_at 2026-04-07T12:55:00Z
3
value 0.00087
scoring_system epss
scoring_elements 0.25128
published_at 2026-04-04T12:55:00Z
4
value 0.00101
scoring_system epss
scoring_elements 0.27831
published_at 2026-04-13T12:55:00Z
5
value 0.00101
scoring_system epss
scoring_elements 0.2789
published_at 2026-04-12T12:55:00Z
6
value 0.00101
scoring_system epss
scoring_elements 0.27932
published_at 2026-04-11T12:55:00Z
7
value 0.00101
scoring_system epss
scoring_elements 0.27931
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28708
2
reference_url https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
5
reference_url https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab
6
reference_url https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510
7
reference_url https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f
8
reference_url https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b
9
reference_url https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:33:37Z/
url https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
10
reference_url https://security.netapp.com/advisory/ntap-20230331-0012
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230331-0012
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
14
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2180856
reference_id 2180856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2180856
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708
reference_id CVE-2023-28708
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28708
reference_id CVE-2023-28708
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28708
18
reference_url https://github.com/advisories/GHSA-2c9m-w27f-53rm
reference_id GHSA-2c9m-w27f-53rm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2c9m-w27f-53rm
19
reference_url https://access.redhat.com/errata/RHSA-2023:4909
reference_id RHSA-2023:4909
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4909
20
reference_url https://access.redhat.com/errata/RHSA-2023:4910
reference_id RHSA-2023:4910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4910
21
reference_url https://access.redhat.com/errata/RHSA-2023:6570
reference_id RHSA-2023:6570
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6570
22
reference_url https://access.redhat.com/errata/RHSA-2023:7065
reference_id RHSA-2023:7065
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7065
23
reference_url https://usn.ubuntu.com/7106-1/
reference_id USN-7106-1
reference_type
scores
url https://usn.ubuntu.com/7106-1/
24
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kcx-vptm-zbds
1
vulnerability VCID-fpgj-82wf-ykbw
2
vulnerability VCID-j6cj-ftyd-3ffa
3
vulnerability VCID-vsdf-4tfj-uybe
4
vulnerability VCID-xgr8-tpv5-q3b2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kcx-vptm-zbds
1
vulnerability VCID-fpgj-82wf-ykbw
2
vulnerability VCID-j6cj-ftyd-3ffa
3
vulnerability VCID-vsdf-4tfj-uybe
4
vulnerability VCID-xgr8-tpv5-q3b2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-j6cj-ftyd-3ffa
2
vulnerability VCID-vsdf-4tfj-uybe
3
vulnerability VCID-xgr8-tpv5-q3b2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6
3
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-xgr8-tpv5-q3b2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0
aliases CVE-2023-28708, GHSA-2c9m-w27f-53rm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7tp-1t4h-zqeg
4
url VCID-vsdf-4tfj-uybe
vulnerability_id VCID-vsdf-4tfj-uybe
summary 
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24549.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24549
reference_id
reference_type
scores
0
value 0.6439
scoring_system epss
scoring_elements 0.98441
published_at 2026-04-07T12:55:00Z
1
value 0.6439
scoring_system epss
scoring_elements 0.98449
published_at 2026-04-13T12:55:00Z
2
value 0.6439
scoring_system epss
scoring_elements 0.98446
published_at 2026-04-09T12:55:00Z
3
value 0.6439
scoring_system epss
scoring_elements 0.98445
published_at 2026-04-08T12:55:00Z
4
value 0.6439
scoring_system epss
scoring_elements 0.98439
published_at 2026-04-04T12:55:00Z
5
value 0.6439
scoring_system epss
scoring_elements 0.98436
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24549
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
5
reference_url https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5
6
reference_url https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
7
reference_url https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843
8
reference_url https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T15:00:56Z/
url https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
9
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24549
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24549
13
reference_url https://security.netapp.com/advisory/ntap-20240402-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240402-0002
14
reference_url http://www.openwall.com/lists/oss-security/2024/03/13/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/03/13/3
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878
reference_id 1066878
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066878
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2269607
reference_id 2269607
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2269607
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
reference_id CVE-2024-24549
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
18
reference_url https://github.com/advisories/GHSA-7w75-32cg-r6g2
reference_id GHSA-7w75-32cg-r6g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7w75-32cg-r6g2
19
reference_url https://access.redhat.com/errata/RHSA-2024:1318
reference_id RHSA-2024:1318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1318
20
reference_url https://access.redhat.com/errata/RHSA-2024:1319
reference_id RHSA-2024:1319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1319
21
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
22
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
23
reference_url https://access.redhat.com/errata/RHSA-2024:3307
reference_id RHSA-2024:3307
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3307
24
reference_url https://access.redhat.com/errata/RHSA-2024:3308
reference_id RHSA-2024:3308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3308
25
reference_url https://access.redhat.com/errata/RHSA-2024:3666
reference_id RHSA-2024:3666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3666
26
reference_url https://access.redhat.com/errata/RHSA-2024:3814
reference_id RHSA-2024:3814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3814
27
reference_url https://usn.ubuntu.com/7562-1/
reference_id USN-7562-1
reference_type
scores
url https://usn.ubuntu.com/7562-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.99
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.99
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.99
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.86
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.19
3
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-v7tp-1t4h-zqeg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M17
aliases CVE-2024-24549, GHSA-7w75-32cg-r6g2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsdf-4tfj-uybe
Fixing_vulnerabilities
0
url VCID-nmq2-8ysj-4fbc
vulnerability_id VCID-nmq2-8ysj-4fbc
summary If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42252.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42252
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34917
published_at 2026-04-02T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34868
published_at 2026-04-08T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34823
published_at 2026-04-07T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34943
published_at 2026-04-04T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.34895
published_at 2026-04-09T12:55:00Z
5
value 0.00164
scoring_system epss
scoring_elements 0.37404
published_at 2026-04-12T12:55:00Z
6
value 0.00164
scoring_system epss
scoring_elements 0.37438
published_at 2026-04-11T12:55:00Z
7
value 0.0019
scoring_system epss
scoring_elements 0.40887
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42252
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920
5
reference_url https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77
6
reference_url https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a
7
reference_url https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3
8
reference_url https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/
url https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42252
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42252
10
reference_url https://security.gentoo.org/glsa/202305-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T15:08:43Z/
url https://security.gentoo.org/glsa/202305-37
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
13
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141329
reference_id 2141329
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2141329
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252
reference_id CVE-2022-42252
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252
16
reference_url https://github.com/advisories/GHSA-p22x-g9px-3945
reference_id GHSA-p22x-g9px-3945
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p22x-g9px-3945
17
reference_url https://access.redhat.com/errata/RHSA-2023:1663
reference_id RHSA-2023:1663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1663
18
reference_url https://access.redhat.com/errata/RHSA-2023:1664
reference_id RHSA-2023:1664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1664
19
reference_url https://usn.ubuntu.com/6880-1/
reference_id USN-6880-1
reference_type
scores
url https://usn.ubuntu.com/6880-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.83
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.83
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-j6cj-ftyd-3ffa
2
vulnerability VCID-stds-vw5z-auhp
3
vulnerability VCID-v7tp-1t4h-zqeg
4
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.83
1
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-j6cj-ftyd-3ffa
2
vulnerability VCID-stds-vw5z-auhp
3
vulnerability VCID-v7tp-1t4h-zqeg
4
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.68
2
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.27
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wptr-hkjx-s7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.27
3
url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1
purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fpgj-82wf-ykbw
1
vulnerability VCID-j6cj-ftyd-3ffa
2
vulnerability VCID-stds-vw5z-auhp
3
vulnerability VCID-v7tp-1t4h-zqeg
4
vulnerability VCID-vsdf-4tfj-uybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.1
aliases CVE-2022-42252, GHSA-p22x-g9px-3945
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmq2-8ysj-4fbc
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.83