{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","type":"ebuild","namespace":"www-servers","name":"tomcat","version":"7.0.23","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"7.0.56","latest_non_vulnerable_version":"10.1.8","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4716?format=json","vulnerability_id":"VCID-1qt3-ctae-sfgw","summary":"Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.","references":[{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113","reference_id":"","reference_type":"","scores":[],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0119","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0580","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0582","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0582"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2693.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2693","reference_id":"","reference_type":"","scores":[{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94703","published_at":"2026-05-14T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94597","published_at":"2026-04-01T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94605","published_at":"2026-04-02T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94611","published_at":"2026-04-04T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94613","published_at":"2026-04-07T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94623","published_at":"2026-04-08T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94627","published_at":"2026-04-09T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94632","published_at":"2026-04-11T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94635","published_at":"2026-04-13T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94643","published_at":"2026-04-16T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94646","published_at":"2026-04-18T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94651","published_at":"2026-04-21T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94652","published_at":"2026-04-24T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94653","published_at":"2026-04-26T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94654","published_at":"2026-04-29T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94661","published_at":"2026-05-05T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94669","published_at":"2026-05-07T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94678","published_at":"2026-05-09T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.94685","published_at":"2026-05-11T12:55:00Z"},{"value":"0.15322","scoring_system":"epss","scoring_elements":"0.9469","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2693"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55855","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55855"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/0299cb724ea71f304d54adfcdb950f59b01fb421","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/0299cb724ea71f304d54adfcdb950f59b01fb421"},{"reference_url":"https://github.com/apache/tomcat/commit/3e1010b1a2f648581fac3d68afbf18f2979f6bf6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3e1010b1a2f648581fac3d68afbf18f2979f6bf6"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19355","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19355"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7017","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7017"},{"reference_url":"https://support.hpe.com/hpesc/public/docDisplay?docId=c02241113","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpesc/public/docDisplay?docId=c02241113"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=892815","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=892815"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=902650","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=902650"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://svn.apache.org/viewvc?rev=892815&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=892815&view=rev"},{"reference_url":"http://svn.apache.org/viewvc?rev=902650&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=902650&view=rev"},{"reference_url":"https://web.archive.org/web/20200229071135/http://www.securityfocus.com/bid/37944","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229071135/http://www.securityfocus.com/bid/37944"},{"reference_url":"https://web.archive.org/web/20200516121700/http://www.securityfocus.com/archive/1/516397/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200516121700/http://www.securityfocus.com/archive/1/516397/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20201206235536/http://www.securityfocus.com/archive/1/509148/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201206235536/http://www.securityfocus.com/archive/1/509148/100/0/threaded"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://ubuntu.com/usn/usn-899-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-899-1"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0119.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2010-0119.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0580.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2010-0580.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0582.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2010-0582.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html"},{"reference_url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=559738","reference_id":"559738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=559738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693","reference_id":"CVE-2009-2693","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2693","reference_id":"CVE-2009-2693","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2693"},{"reference_url":"https://github.com/advisories/GHSA-ggx9-4728-588r","reference_id":"GHSA-ggx9-4728-588r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ggx9-4728-588r"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0693","reference_id":"RHSA-2010:0693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0693"},{"reference_url":"https://usn.ubuntu.com/899-1/","reference_id":"USN-899-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/899-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2009-2693","GHSA-ggx9-4728-588r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qt3-ctae-sfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4640?format=json","vulnerability_id":"VCID-1v6c-f56v-hqh1","summary":"The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0074","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0075","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0075"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0076","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0076"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5062","reference_id":"","reference_type":"","scores":[{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90129","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90018","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90039","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90048","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90046","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.9004","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90056","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90057","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90055","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90072","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90071","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90083","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90098","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.9011","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90106","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90114","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.89998","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.9","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90013","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5062"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584"},{"reference_url":"https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1087655","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=rev&rev=1087655"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1158180","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=rev&rev=1158180"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1159309","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=rev&rev=1159309"},{"reference_url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741401","reference_id":"741401","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741401"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-5062","reference_id":"CVE-2011-5062","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-5062"},{"reference_url":"https://github.com/advisories/GHSA-4f7h-9j2x-cmr4","reference_id":"GHSA-4f7h-9j2x-cmr4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f7h-9j2x-cmr4"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1780","reference_id":"RHSA-2011:1780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0041","reference_id":"RHSA-2012:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0077","reference_id":"RHSA-2012:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0078","reference_id":"RHSA-2012:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0091","reference_id":"RHSA-2012:0091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0325","reference_id":"RHSA-2012:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0679","reference_id":"RHSA-2012:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0680","reference_id":"RHSA-2012:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-5062","GHSA-4f7h-9j2x-cmr4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v6c-f56v-hqh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4599?format=json","vulnerability_id":"VCID-241m-q6vd-kudk","summary":"Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0074","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0075","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0075"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0076","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0076"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2526.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2526.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2526","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31881","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32384","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32534","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3257","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32394","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32469","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32473","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32434","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32407","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32444","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32422","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32218","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32097","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32013","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31872","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31944","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31952","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31858","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=720948","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=720948"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/68541","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/68541"},{"reference_url":"https://github.com/apache/tomcat55/commit/e67f6882118f2a8285e4e8acd050dad64a3ef3e4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/e67f6882118f2a8285e4e8acd050dad64a3ef3e4"},{"reference_url":"https://github.com/apache/tomcat/commit/1d372c881eafd9ffe729996f8560fd5fe50cd39d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1d372c881eafd9ffe729996f8560fd5fe50cd39d"},{"reference_url":"https://github.com/apache/tomcat/commit/2e69497fa7b1444632c6dadb64a4a82e18478ee6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2e69497fa7b1444632c6dadb64a4a82e18478ee6"},{"reference_url":"https://github.com/apache/tomcat/commit/48dded4ab1209a030770ab67a789d3b2528b6329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/48dded4ab1209a030770ab67a789d3b2528b6329"},{"reference_url":"https://github.com/apache/tomcat/commit/ff8789737a0a64c12d68929497f16d8021052048","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ff8789737a0a64c12d68929497f16d8021052048"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1145383","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1145383"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1145489","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1145489"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1145571","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1145571"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1145694","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1145694"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1146005","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1146005"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1146703","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1146703"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1158244","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1158244"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1145383","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1145383"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1145571","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1145571"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1145694","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1145694"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1146005","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1146005"},{"reference_url":"https://web.archive.org/web/20110717104325/http://www.securityfocus.com/bid/48667","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110717104325/http://www.securityfocus.com/bid/48667"},{"reference_url":"https://web.archive.org/web/20111110135231/http://www.securityfocus.com/archive/1/518889/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111110135231/http://www.securityfocus.com/archive/1/518889/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20121025191346/http://secunia.com/advisories/45232","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121025191346/http://secunia.com/advisories/45232"},{"reference_url":"https://web.archive.org/web/20140802025928/http://secunia.com/advisories/48308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140802025928/http://secunia.com/advisories/48308"},{"reference_url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126"},{"reference_url":"https://web.archive.org/web/20160101172212/http://rhn.redhat.com/errata/RHSA-2012-0078.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160101172212/http://rhn.redhat.com/errata/RHSA-2012-0078.html"},{"reference_url":"https://web.archive.org/web/20160101172638/http://rhn.redhat.com/errata/RHSA-2012-0077.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160101172638/http://rhn.redhat.com/errata/RHSA-2012-0077.html"},{"reference_url":"https://web.archive.org/web/20160101195415/http://rhn.redhat.com/errata/RHSA-2012-0325.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160101195415/http://rhn.redhat.com/errata/RHSA-2012-0325.html"},{"reference_url":"https://web.archive.org/web/20161107143207/http://www.securitytracker.com/id?1025788","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161107143207/http://www.securitytracker.com/id?1025788"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:156","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526","reference_id":"CVE-2011-2526","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2526","reference_id":"CVE-2011-2526","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2526"},{"reference_url":"https://github.com/advisories/GHSA-9ggm-7897-x4mg","reference_id":"GHSA-9ggm-7897-x4mg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9ggm-7897-x4mg"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1780","reference_id":"RHSA-2011:1780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0041","reference_id":"RHSA-2012:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0077","reference_id":"RHSA-2012:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0078","reference_id":"RHSA-2012:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0091","reference_id":"RHSA-2012:0091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0325","reference_id":"RHSA-2012:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0679","reference_id":"RHSA-2012:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0680","reference_id":"RHSA-2012:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"},{"reference_url":"https://usn.ubuntu.com/1252-1/","reference_id":"USN-1252-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1252-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-2526","GHSA-9ggm-7897-x4mg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-241m-q6vd-kudk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4743?format=json","vulnerability_id":"VCID-4rcx-xfn5-7kdb","summary":"Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0580.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0580.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0580","reference_id":"","reference_type":"","scores":[{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99492","published_at":"2026-04-21T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99483","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99485","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.995","published_at":"2026-05-14T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99488","published_at":"2026-04-08T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99493","published_at":"2026-04-24T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99499","published_at":"2026-05-12T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99489","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.9949","published_at":"2026-04-11T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99498","published_at":"2026-05-11T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99496","published_at":"2026-05-09T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99495","published_at":"2026-05-07T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99494","published_at":"2026-04-29T12:55:00Z"},{"value":"0.88173","scoring_system":"epss","scoring_elements":"0.99491","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0580"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50930","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50930"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"reference_url":"https://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101"},{"reference_url":"https://svn.apache.org/viewvc?rev=747840&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?rev=747840&view=rev"},{"reference_url":"https://svn.apache.org/viewvc?rev=781379&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?rev=781379&view=rev"},{"reference_url":"https://svn.apache.org/viewvc?rev=781382&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?rev=781382&view=rev"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=747840","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=747840"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=781379","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=781379"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=781382","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=781382"},{"reference_url":"https://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-4.html"},{"reference_url":"https://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-5.html"},{"reference_url":"https://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-6.html"},{"reference_url":"https://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2011/dsa-2207"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503978","reference_id":"503978","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503978"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580","reference_id":"CVE-2009-0580","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0580","reference_id":"CVE-2009-0580","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0580"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33023.txt","reference_id":"CVE-2009-0580;OSVDB-55055","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33023.txt"},{"reference_url":"https://www.securityfocus.com/bid/35196/info","reference_id":"CVE-2009-0580;OSVDB-55055","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35196/info"},{"reference_url":"https://github.com/advisories/GHSA-w227-xcfx-3pj8","reference_id":"GHSA-w227-xcfx-3pj8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w227-xcfx-3pj8"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1143","reference_id":"RHSA-2009:1143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1144","reference_id":"RHSA-2009:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1145","reference_id":"RHSA-2009:1145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1146","reference_id":"RHSA-2009:1146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1454","reference_id":"RHSA-2009:1454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1506","reference_id":"RHSA-2009:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1563","reference_id":"RHSA-2009:1563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1616","reference_id":"RHSA-2009:1616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1616"},{"reference_url":"https://usn.ubuntu.com/788-1/","reference_id":"USN-788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2009-0580","GHSA-w227-xcfx-3pj8"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4rcx-xfn5-7kdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4611?format=json","vulnerability_id":"VCID-5eqm-218u-p7gq","summary":"The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to \"a mix-up of responses for requests from different users.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1475.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1475","reference_id":"","reference_type":"","scores":[{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93666","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93759","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93746","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93741","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.9374","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93731","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93719","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93713","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93716","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93711","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93708","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93701","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93684","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93683","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93679","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93676","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93657","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11701","scoring_system":"epss","scoring_elements":"0.93668","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1475"},{"reference_url":"http://seclists.org/fulldisclosure/2011/Apr/97","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2011/Apr/97"},{"reference_url":"http://securityreason.com/securityalert/8188","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8188"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/66676","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/66676"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/d2e8f2ede7dea39f75f68384f331f38f094e4ed3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d2e8f2ede7dea39f75f68384f331f38f094e4ed3"},{"reference_url":"https://github.com/apache/tomcat/commit/fd8a579e0e2379a84826b11700adf396e4ed2041","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fd8a579e0e2379a84826b11700adf396e4ed2041"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=50957","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=50957"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1475","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1475"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1086349","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1086349"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1086352","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1086352"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1086349","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1086349"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1086352","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1086352"},{"reference_url":"https://web.archive.org/web/20120605200856/http://www.securityfocus.com/bid/47199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120605200856/http://www.securityfocus.com/bid/47199"},{"reference_url":"https://web.archive.org/web/20170202012852/http://www.securityfocus.com/archive/1/517363","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170202012852/http://www.securityfocus.com/archive/1/517363"},{"reference_url":"https://web.archive.org/web/20170317142459/http://www.securitytracker.com/id?1025303","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170317142459/http://www.securitytracker.com/id?1025303"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.securityfocus.com/archive/1/517363","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/517363"},{"reference_url":"http://www.securityfocus.com/bid/47199","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/47199"},{"reference_url":"http://www.securitytracker.com/id?1025303","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025303"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0894","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=708969","reference_id":"708969","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=708969"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475","reference_id":"CVE-2011-1475","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475"},{"reference_url":"https://github.com/advisories/GHSA-h6c8-rg87-f3pc","reference_id":"GHSA-h6c8-rg87-f3pc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6c8-rg87-f3pc"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-1475","GHSA-h6c8-rg87-f3pc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5eqm-218u-p7gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4597?format=json","vulnerability_id":"VCID-618c-ar98-qfcr","summary":"native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2729.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2729.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2729","reference_id":"","reference_type":"","scores":[{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92597","published_at":"2026-05-14T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92479","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92485","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92494","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92497","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92509","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92514","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.9252","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92521","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92531","published_at":"2026-04-16T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.9253","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92534","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92535","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92536","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92532","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92541","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92552","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92563","published_at":"2026-05-09T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92566","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08784","scoring_system":"epss","scoring_elements":"0.92572","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2729"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1153379","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1153379"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1153824","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1153824"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1159346","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1159346"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730400","reference_id":"730400","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729","reference_id":"CVE-2011-2729","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1291","reference_id":"RHSA-2011:1291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1292","reference_id":"RHSA-2011:1292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1292"},{"reference_url":"https://usn.ubuntu.com/1298-1/","reference_id":"USN-1298-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1298-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-2729"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-618c-ar98-qfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4626?format=json","vulnerability_id":"VCID-7ej8-5f77-cybb","summary":"Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.","references":[{"reference_url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://osvdb.org/70809","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/70809"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0534.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0534.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0534","reference_id":"","reference_type":"","scores":[{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94803","published_at":"2026-04-02T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94893","published_at":"2026-05-14T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94882","published_at":"2026-05-12T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94829","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94826","published_at":"2026-04-11T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94822","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94817","published_at":"2026-04-08T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94808","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94806","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94793","published_at":"2026-04-01T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94876","published_at":"2026-05-11T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94872","published_at":"2026-05-09T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94861","published_at":"2026-05-07T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94854","published_at":"2026-05-05T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94846","published_at":"2026-04-29T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94845","published_at":"2026-04-26T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94843","published_at":"2026-04-21T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.9484","published_at":"2026-04-18T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.94837","published_at":"2026-04-16T12:55:00Z"},{"value":"0.16272","scoring_system":"epss","scoring_elements":"0.9483","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0534"},{"reference_url":"http://secunia.com/advisories/43192","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43192"},{"reference_url":"http://secunia.com/advisories/45022","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/45022"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"http://securityreason.com/securityalert/8074","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8074"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65162","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65162"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8"},{"reference_url":"https://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT5002"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1065939","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1065939"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1066313","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1066313"},{"reference_url":"http://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT5002"},{"reference_url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"},{"reference_url":"https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022"},{"reference_url":"https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074"},{"reference_url":"https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192"},{"reference_url":"https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027"},{"reference_url":"https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164"},{"reference_url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126"},{"reference_url":"https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded"},{"reference_url":"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32"},{"reference_url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29"},{"reference_url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)"},{"reference_url":"http://www.debian.org/security/2011/dsa-2160","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2160"},{"reference_url":"http://www.securityfocus.com/archive/1/516214/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/516214/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/46164","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46164"},{"reference_url":"http://www.securitytracker.com/id?1025027","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025027"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0293","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0293"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675338","reference_id":"675338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675338"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534","reference_id":"CVE-2011-0534","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0534","reference_id":"CVE-2011-0534","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0534"},{"reference_url":"https://github.com/advisories/GHSA-43v2-6grp-9pp9","reference_id":"GHSA-43v2-6grp-9pp9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43v2-6grp-9pp9"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0335","reference_id":"RHSA-2011:0335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0348","reference_id":"RHSA-2011:0348","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0348"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0350","reference_id":"RHSA-2011:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0350"},{"reference_url":"https://usn.ubuntu.com/1097-1/","reference_id":"USN-1097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1097-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-0534","GHSA-43v2-6grp-9pp9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ej8-5f77-cybb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4725?format=json","vulnerability_id":"VCID-7kjm-p97s-zuh8","summary":"Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.","references":[{"reference_url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1157.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1157.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1157","reference_id":"","reference_type":"","scores":[{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95711","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95741","published_at":"2026-04-16T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.9573","published_at":"2026-04-12T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95727","published_at":"2026-04-09T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95697","published_at":"2026-04-01T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95706","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95715","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95791","published_at":"2026-05-14T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95778","published_at":"2026-05-12T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95773","published_at":"2026-05-11T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95768","published_at":"2026-05-09T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95762","published_at":"2026-05-07T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.9576","published_at":"2026-05-05T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95745","published_at":"2026-04-29T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95747","published_at":"2026-04-26T12:55:00Z"},{"value":"0.21653","scoring_system":"epss","scoring_elements":"0.95746","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1157"},{"reference_url":"http://secunia.com/advisories/39574","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/39574"},{"reference_url":"http://secunia.com/advisories/42368","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42368"},{"reference_url":"http://secunia.com/advisories/43310","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43310"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"},{"reference_url":"https://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492"},{"reference_url":"https://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT5002"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=936540","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=936540"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=936541","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=936541"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=936540","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=936540"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=936541","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=936541"},{"reference_url":"https://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-5.html"},{"reference_url":"https://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-6.html"},{"reference_url":"http://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT5002"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=936540","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=936540"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=936541","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=936541"},{"reference_url":"https://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html"},{"reference_url":"http://www.securityfocus.com/archive/1/510879/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/510879/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/516397/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/516397/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/39635","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/39635"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html"},{"reference_url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0980","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/0980"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3056","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/3056"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=585331","reference_id":"585331","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=585331"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157","reference_id":"CVE-2010-1157","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/12343.txt","reference_id":"CVE-2010-1157","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/12343.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1157","reference_id":"CVE-2010-1157","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1157"},{"reference_url":"https://github.com/advisories/GHSA-w6q7-ww2x-7gm3","reference_id":"GHSA-w6q7-ww2x-7gm3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6q7-ww2x-7gm3"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0584","reference_id":"RHSA-2010:0584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0584"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2010-1157","GHSA-w6q7-ww2x-7gm3"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kjm-p97s-zuh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4634?format=json","vulnerability_id":"VCID-886n-1vzv-syc6","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.","references":[{"reference_url":"http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html","reference_id":"","reference_type":"","scores":[],"url":"http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html"},{"reference_url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4172.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4172.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4172","reference_id":"","reference_type":"","scores":[{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93722","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93823","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.9381","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93805","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93803","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93725","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93793","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93782","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93773","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93776","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93772","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93769","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93763","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.9374","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93703","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93736","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93734","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4172"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=656246","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=656246"},{"reference_url":"http://secunia.com/advisories/42337","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42337"},{"reference_url":"http://secunia.com/advisories/43019","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43019"},{"reference_url":"http://secunia.com/advisories/45022","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/45022"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"http://securitytracker.com/id?1024764","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1024764"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/63422","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/63422"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/5971f9392edc6d70808b2599b062b050fcd11d23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5971f9392edc6d70808b2599b062b050fcd11d23"},{"reference_url":"https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"https://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1037778","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1037778"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1037779","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1037779"},{"reference_url":"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.5"},{"reference_url":"http://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT5002"},{"reference_url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html","reference_id":"","reference_type":"","scores":[],"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1037778","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1037778"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1037779","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1037779"},{"reference_url":"https://www.redhat.com/support/errata/RHSA-2011-0896.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/support/errata/RHSA-2011-0896.html"},{"reference_url":"https://www.redhat.com/support/errata/RHSA-2011-0897.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/support/errata/RHSA-2011-0897.html"},{"reference_url":"https://www.securityfocus.com/archive/1/514866/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.securityfocus.com/archive/1/514866/100/0/threaded"},{"reference_url":"https://www.ubuntu.com/usn/USN-1048-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ubuntu.com/usn/USN-1048-1"},{"reference_url":"https://www.vupen.com/english/advisories/2010/3047","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vupen.com/english/advisories/2010/3047"},{"reference_url":"https://www.vupen.com/english/advisories/2011/0203","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vupen.com/english/advisories/2011/0203"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0791.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0791.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html"},{"reference_url":"http://www.securityfocus.com/archive/1/514866/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/514866/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/45015","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/45015"},{"reference_url":"http://www.ubuntu.com/usn/USN-1048-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1048-1"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3047","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/3047"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0203","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0203"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172","reference_id":"CVE-2010-4172","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""},{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4172","reference_id":"CVE-2010-4172","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4172"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35011.txt","reference_id":"CVE-2010-4172;OSVDB-69456","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35011.txt"},{"reference_url":"https://www.securityfocus.com/bid/45015/info","reference_id":"CVE-2010-4172;OSVDB-69456","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/45015/info"},{"reference_url":"https://github.com/advisories/GHSA-c78g-qwpw-2jgv","reference_id":"GHSA-c78g-qwpw-2jgv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c78g-qwpw-2jgv"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://usn.ubuntu.com/1048-1/","reference_id":"USN-1048-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1048-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2010-4172","GHSA-c78g-qwpw-2jgv"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-886n-1vzv-syc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4780?format=json","vulnerability_id":"VCID-8ebv-6941-jqdy","summary":"The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0074","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0075","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0075"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0076","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0076"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5063.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5063.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5063","reference_id":"","reference_type":"","scores":[{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83697","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83472","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83471","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83505","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83519","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83513","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.8351","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83544","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83545","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83546","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.8357","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83577","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83582","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83605","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83626","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83645","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83661","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83445","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01962","scoring_system":"epss","scoring_elements":"0.83458","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5063"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584"},{"reference_url":"https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1087655","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=rev&rev=1087655"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1158180","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=rev&rev=1158180"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1159309","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=rev&rev=1159309"},{"reference_url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741401","reference_id":"741401","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741401"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-5063","reference_id":"CVE-2011-5063","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-5063"},{"reference_url":"https://github.com/advisories/GHSA-hffm-fqv4-w27r","reference_id":"GHSA-hffm-fqv4-w27r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hffm-fqv4-w27r"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1780","reference_id":"RHSA-2011:1780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0041","reference_id":"RHSA-2012:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0077","reference_id":"RHSA-2012:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0078","reference_id":"RHSA-2012:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0091","reference_id":"RHSA-2012:0091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0325","reference_id":"RHSA-2012:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0679","reference_id":"RHSA-2012:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0680","reference_id":"RHSA-2012:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-5063","GHSA-hffm-fqv4-w27r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ebv-6941-jqdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4570?format=json","vulnerability_id":"VCID-95fn-d2ad-qyg6","summary":"Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E"},{"reference_url":"http://markmail.org/message/lzx5273wsgl5pob6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://markmail.org/message/lzx5273wsgl5pob6"},{"reference_url":"http://markmail.org/message/yzmyn44f5aetmm2r","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://markmail.org/message/yzmyn44f5aetmm2r"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1088.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1088.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1088","reference_id":"","reference_type":"","scores":[{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94903","published_at":"2026-05-09T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94893","published_at":"2026-05-07T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94886","published_at":"2026-05-05T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94878","published_at":"2026-04-29T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94875","published_at":"2026-04-21T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94872","published_at":"2026-04-18T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94868","published_at":"2026-04-16T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94861","published_at":"2026-04-13T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94824","published_at":"2026-04-01T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94924","published_at":"2026-05-14T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94914","published_at":"2026-05-12T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94908","published_at":"2026-05-11T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94859","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94852","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94848","published_at":"2026-04-08T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94839","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94836","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16364","scoring_system":"epss","scoring_elements":"0.94833","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1088"},{"reference_url":"http://secunia.com/advisories/43684","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/43684"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65971","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65971"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/02780bbc6089a12b19d3d5e5dc810455ac6bfe92","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/02780bbc6089a12b19d3d5e5dc810455ac6bfe92"},{"reference_url":"https://github.com/apache/tomcat/commit/0a5a19f0c3b8d199b7335da5f88e956f59926673","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0a5a19f0c3b8d199b7335da5f88e956f59926673"},{"reference_url":"https://github.com/apache/tomcat/commit/0f95cb7401acdbfc9b65c878948b84bb496f2386","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0f95cb7401acdbfc9b65c878948b84bb496f2386"},{"reference_url":"https://github.com/apache/tomcat/commit/0ff4905158b77787a7f3aca55c9dec93456665dc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0ff4905158b77787a7f3aca55c9dec93456665dc"},{"reference_url":"https://github.com/apache/tomcat/commit/13fe121edb6f2b597d2b82725f1b01296ac78ebd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/13fe121edb6f2b597d2b82725f1b01296ac78ebd"},{"reference_url":"https://github.com/apache/tomcat/commit/149af600532df6a24b1f7fc93607d764dfc9a7ea","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/149af600532df6a24b1f7fc93607d764dfc9a7ea"},{"reference_url":"https://github.com/apache/tomcat/commit/1b2d5e90d271ab087a36b556eb17519454170529","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b2d5e90d271ab087a36b556eb17519454170529"},{"reference_url":"https://github.com/apache/tomcat/commit/2d7dbfe4c63a4242a9b28fdb662d91ceb7a84630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2d7dbfe4c63a4242a9b28fdb662d91ceb7a84630"},{"reference_url":"https://github.com/apache/tomcat/commit/3ac2b5c1611af51ee5438fd32a3254a2de1878ce","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3ac2b5c1611af51ee5438fd32a3254a2de1878ce"},{"reference_url":"https://github.com/apache/tomcat/commit/3e5b0455483eed55752047073e92403bfca8d3ec","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3e5b0455483eed55752047073e92403bfca8d3ec"},{"reference_url":"https://github.com/apache/tomcat/commit/5c8560f3054982abaa476d87ec031c439d58d66e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5c8560f3054982abaa476d87ec031c439d58d66e"},{"reference_url":"https://github.com/apache/tomcat/commit/63fd724e129b647b7d9026ae29513dd6b774b4b5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/63fd724e129b647b7d9026ae29513dd6b774b4b5"},{"reference_url":"https://github.com/apache/tomcat/commit/880b1a4fc424625b56c8bcd9ebf6bfe966a1dadd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/880b1a4fc424625b56c8bcd9ebf6bfe966a1dadd"},{"reference_url":"https://github.com/apache/tomcat/commit/9c90bdc1ad942374b1bb6b147613497970b3c8e1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9c90bdc1ad942374b1bb6b147613497970b3c8e1"},{"reference_url":"https://github.com/apache/tomcat/commit/b1d1047a4c0a7754cabf57ac0303f92e4e77ef58","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b1d1047a4c0a7754cabf57ac0303f92e4e77ef58"},{"reference_url":"https://github.com/apache/tomcat/commit/dbac5e24759954daed3c584abb5d466fcf42dd4b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/dbac5e24759954daed3c584abb5d466fcf42dd4b"},{"reference_url":"https://github.com/apache/tomcat/commit/dd10265436ea8b2fe35f1a8b09bc7390acbea269","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/dd10265436ea8b2fe35f1a8b09bc7390acbea269"},{"reference_url":"https://github.com/apache/tomcat/commit/ece65c1a428094b1c6c17de3d7593f64e1bb1286","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ece65c1a428094b1c6c17de3d7593f64e1bb1286"},{"reference_url":"https://github.com/apache/tomcat/commit/ee627412570268df47a075f5d4dc5f7debf39fad","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ee627412570268df47a075f5d4dc5f7debf39fad"},{"reference_url":"https://github.com/apache/tomcat/commit/f528992ec6cd7b62c9ced5b3a7dc4cda6bfd1a5e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f528992ec6cd7b62c9ced5b3a7dc4cda6bfd1a5e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1088","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1088"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1076586","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1076586"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1076587","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1076587"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1077995","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1077995"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1079752","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1079752"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1076586","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1076586"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1076587","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1076587"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1077995","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1077995"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.osvdb.org/71027","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.osvdb.org/71027"},{"reference_url":"http://www.securityfocus.com/archive/1/517013/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/517013/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/46685","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/46685"},{"reference_url":"http://www.securitytracker.com/id?1025215","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id?1025215"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0563","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2011/0563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=708955","reference_id":"708955","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=708955"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1088","reference_id":"CVE-2011-1088","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1088"},{"reference_url":"https://github.com/advisories/GHSA-mg4v-rf8p-ghqq","reference_id":"GHSA-mg4v-rf8p-ghqq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg4v-rf8p-ghqq"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-1088","GHSA-mg4v-rf8p-ghqq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95fn-d2ad-qyg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4746?format=json","vulnerability_id":"VCID-bung-pa58-ayfv","summary":"Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\"","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1164","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1562","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1562"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0781.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0781.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2009-0781","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2009-0781"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0781","reference_id":"","reference_type":"","scores":[{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97207","published_at":"2026-05-11T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97202","published_at":"2026-05-09T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-05-12T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97171","published_at":"2026-04-12T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97167","published_at":"2026-04-09T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97166","published_at":"2026-04-08T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97156","published_at":"2026-04-07T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97155","published_at":"2026-04-04T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97149","published_at":"2026-04-02T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97142","published_at":"2026-04-01T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.9722","published_at":"2026-05-14T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97197","published_at":"2026-05-07T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97193","published_at":"2026-05-05T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97189","published_at":"2026-04-29T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97187","published_at":"2026-04-26T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97185","published_at":"2026-04-24T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97181","published_at":"2026-04-18T12:55:00Z"},{"value":"0.37304","scoring_system":"epss","scoring_elements":"0.97179","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0781"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=489028","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=489028"},{"reference_url":"http://secunia.com/advisories/35685","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/35685"},{"reference_url":"http://secunia.com/advisories/35788","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/35788"},{"reference_url":"http://secunia.com/advisories/37460","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/37460"},{"reference_url":"http://secunia.com/advisories/42368","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42368"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49213","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49213"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=750924","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=750924"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=750927","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=750927"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=750928","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=750928"},{"reference_url":"https://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-4.html"},{"reference_url":"https://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-5.html"},{"reference_url":"https://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-6.html"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1","reference_id":"","reference_type":"","scores":[],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"https://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2011/dsa-2207"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"},{"reference_url":"http://www.securityfocus.com/archive/1/501538/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/501538/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1856","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/1856"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3316","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/3316"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3056","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/3056"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781","reference_id":"CVE-2009-0781","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0781","reference_id":"CVE-2009-0781","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0781"},{"reference_url":"https://github.com/advisories/GHSA-j788-fx57-99wp","reference_id":"GHSA-j788-fx57-99wp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j788-fx57-99wp"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://usn.ubuntu.com/788-1/","reference_id":"USN-788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2009-0781","GHSA-j788-fx57-99wp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bung-pa58-ayfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4616?format=json","vulnerability_id":"VCID-d9ys-kxh6-nkgr","summary":"The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1184.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1184","reference_id":"","reference_type":"","scores":[{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84712","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84571","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84572","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84599","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84607","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84609","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84625","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84651","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84667","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84664","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84681","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84474","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.8449","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84511","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84513","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84535","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84541","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84559","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.84554","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.8455","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02237","scoring_system":"epss","scoring_elements":"0.8457","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1184"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/644dfdf96cf82fcd2a2046d93f2b5495f7e94584"},{"reference_url":"https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/639e20992a66d7a42fb59c974db91c8a0f730a1e"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1087655","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1087655"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1158180","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1158180"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1159309","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1159309"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1087655","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=rev&rev=1087655"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1158180","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=rev&rev=1158180"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1159309","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=rev&rev=1159309"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741401","reference_id":"741401","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184","reference_id":"CVE-2011-1184","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1184","reference_id":"CVE-2011-1184","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1184"},{"reference_url":"https://github.com/advisories/GHSA-q9xf-jwr4-v445","reference_id":"GHSA-q9xf-jwr4-v445","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q9xf-jwr4-v445"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1780","reference_id":"RHSA-2011:1780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0041","reference_id":"RHSA-2012:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0077","reference_id":"RHSA-2012:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0078","reference_id":"RHSA-2012:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0091","reference_id":"RHSA-2012:0091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0325","reference_id":"RHSA-2012:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0679","reference_id":"RHSA-2012:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0680","reference_id":"RHSA-2012:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"},{"reference_url":"https://usn.ubuntu.com/1252-1/","reference_id":"USN-1252-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1252-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-1184","GHSA-q9xf-jwr4-v445"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9ys-kxh6-nkgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4740?format=json","vulnerability_id":"VCID-dcrp-rae1-zfcm","summary":"Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN87272440/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN87272440/index.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0033.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0033","reference_id":"","reference_type":"","scores":[{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94319","published_at":"2026-05-05T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94314","published_at":"2026-04-29T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94315","published_at":"2026-04-26T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94311","published_at":"2026-04-21T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94306","published_at":"2026-04-16T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94291","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.9429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94287","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94282","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94273","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94252","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94347","published_at":"2026-05-11T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94353","published_at":"2026-05-12T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94367","published_at":"2026-05-14T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94329","published_at":"2026-05-07T12:55:00Z"},{"value":"0.13832","scoring_system":"epss","scoring_elements":"0.94341","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0033"},{"reference_url":"http://securitytracker.com/id?1022331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securitytracker.com/id?1022331"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50928","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50928"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=742915","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=742915"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=781362","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=781362"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://svn.apache.org/viewvc?rev=742915&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=742915&view=rev"},{"reference_url":"http://svn.apache.org/viewvc?rev=781362&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=781362&view=rev"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.securityfocus.com/archive/1/504044/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/504044/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/35193","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/35193"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=493381","reference_id":"493381","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=493381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033","reference_id":"CVE-2009-0033","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0033","reference_id":"CVE-2009-0033","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0033"},{"reference_url":"https://github.com/advisories/GHSA-5cw4-ggx9-36vg","reference_id":"GHSA-5cw4-ggx9-36vg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cw4-ggx9-36vg"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1454","reference_id":"RHSA-2009:1454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1506","reference_id":"RHSA-2009:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1563","reference_id":"RHSA-2009:1563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1616","reference_id":"RHSA-2009:1616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1617","reference_id":"RHSA-2009:1617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1617"},{"reference_url":"https://usn.ubuntu.com/788-1/","reference_id":"USN-788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2009-0033","GHSA-5cw4-ggx9-36vg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dcrp-rae1-zfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4631?format=json","vulnerability_id":"VCID-dhun-hj5q-dfch","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.","references":[{"reference_url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=130168502603566&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=130168502603566&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0791","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:0791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0896","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0897","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1845","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:1845"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0013.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0013.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2011-0013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2011-0013"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0013","reference_id":"","reference_type":"","scores":[{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96315","published_at":"2026-05-14T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96218","published_at":"2026-04-01T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96226","published_at":"2026-04-02T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96237","published_at":"2026-04-07T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96249","published_at":"2026-04-09T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96253","published_at":"2026-04-12T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96263","published_at":"2026-04-16T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96268","published_at":"2026-04-18T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96269","published_at":"2026-04-21T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.9627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96271","published_at":"2026-04-26T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96273","published_at":"2026-04-29T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96285","published_at":"2026-05-05T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96291","published_at":"2026-05-07T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96297","published_at":"2026-05-09T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.963","published_at":"2026-05-11T12:55:00Z"},{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96306","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675786","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675786"},{"reference_url":"http://secunia.com/advisories/43192","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43192"},{"reference_url":"http://secunia.com/advisories/45022","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/45022"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"http://securityreason.com/securityalert/8093","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8093"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/863d77c7d321245de019ac32252828e0a025c5b4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/863d77c7d321245de019ac32252828e0a025c5b4"},{"reference_url":"https://github.com/apache/tomcat/commit/58223c5ecc0751c3642c810f291b8f033d33b97f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/58223c5ecc0751c3642c810f291b8f033d33b97f"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1057270","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1057270"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1057279","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1057279"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1057518","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1057518"},{"reference_url":"http://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5002"},{"reference_url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"},{"reference_url":"https://web.archive.org/web/20111227000129/http://secunia.com/advisories/45022","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111227000129/http://secunia.com/advisories/45022"},{"reference_url":"https://web.archive.org/web/20111229163935/http://secunia.com/advisories/43192","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111229163935/http://secunia.com/advisories/43192"},{"reference_url":"https://web.archive.org/web/20120126065143/http://www.securityfocus.com/archive/1/516209/30/90/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120126065143/http://www.securityfocus.com/archive/1/516209/30/90/threaded"},{"reference_url":"https://web.archive.org/web/20120126070320/http://www.securitytracker.com/id?1025026","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120126070320/http://www.securitytracker.com/id?1025026"},{"reference_url":"https://web.archive.org/web/20120213130147/http://www.securityfocus.com/bid/46174","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120213130147/http://www.securityfocus.com/bid/46174"},{"reference_url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126"},{"reference_url":"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32"},{"reference_url":"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"},{"reference_url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29"},{"reference_url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011)","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011)"},{"reference_url":"http://www.debian.org/security/2011/dsa-2160","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2160"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:030","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0791.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0791.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html"},{"reference_url":"http://www.securityfocus.com/archive/1/516209/30/90/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/516209/30/90/threaded"},{"reference_url":"http://www.securityfocus.com/bid/46174","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46174"},{"reference_url":"http://www.securitytracker.com/id?1025026","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025026"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0376","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0376"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013","reference_id":"CVE-2011-0013","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0013","reference_id":"CVE-2011-0013","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0013"},{"reference_url":"https://github.com/advisories/GHSA-3p86-xgrq-m6p6","reference_id":"GHSA-3p86-xgrq-m6p6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p86-xgrq-m6p6"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://usn.ubuntu.com/1097-1/","reference_id":"USN-1097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1097-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-0013","GHSA-3p86-xgrq-m6p6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhun-hj5q-dfch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15514?format=json","vulnerability_id":"VCID-egye-da2v-4ybh","summary":"Use of Hard-coded Cryptographic Key in Apache Tomcat\nDigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5064.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5064","reference_id":"","reference_type":"","scores":[{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90129","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90039","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90048","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90046","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.9004","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90056","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90057","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90055","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90072","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90071","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90083","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90098","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.9011","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90106","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90114","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.89998","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.9","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90013","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90018","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05319","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5064"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57126"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1087655","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=rev&rev=1087655"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1158180","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=rev&rev=1158180"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&rev=1159309","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=rev&rev=1159309"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741401","reference_id":"741401","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741401"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-5064","reference_id":"CVE-2011-5064","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-5064"},{"reference_url":"https://github.com/advisories/GHSA-6cr4-7c7p-p3xv","reference_id":"GHSA-6cr4-7c7p-p3xv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6cr4-7c7p-p3xv"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1780","reference_id":"RHSA-2011:1780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0041","reference_id":"RHSA-2012:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0077","reference_id":"RHSA-2012:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0078","reference_id":"RHSA-2012:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0091","reference_id":"RHSA-2012:0091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0325","reference_id":"RHSA-2012:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0679","reference_id":"RHSA-2012:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0680","reference_id":"RHSA-2012:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-5064","GHSA-6cr4-7c7p-p3xv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egye-da2v-4ybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4639?format=json","vulnerability_id":"VCID-f2zy-gq57-ufat","summary":"Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\"","references":[{"reference_url":"http://geronimo.apache.org/21x-security-report.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://geronimo.apache.org/21x-security-report.html"},{"reference_url":"http://geronimo.apache.org/22x-security-report.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://geronimo.apache.org/22x-security-report.html"},{"reference_url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0580","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0581","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0582","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0583","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0583"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2227.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2227","reference_id":"","reference_type":"","scores":[{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99115","published_at":"2026-04-18T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99114","published_at":"2026-04-16T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99113","published_at":"2026-04-12T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99112","published_at":"2026-04-13T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99111","published_at":"2026-04-09T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.9911","published_at":"2026-04-07T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99106","published_at":"2026-04-04T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99104","published_at":"2026-04-02T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99103","published_at":"2026-04-01T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99118","published_at":"2026-04-21T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99121","published_at":"2026-04-24T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99125","published_at":"2026-05-05T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99128","published_at":"2026-05-07T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99129","published_at":"2026-05-09T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.9913","published_at":"2026-05-12T12:55:00Z"},{"value":"0.80174","scoring_system":"epss","scoring_elements":"0.99131","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2227"},{"reference_url":"http://secunia.com/advisories/40813","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/40813"},{"reference_url":"http://secunia.com/advisories/41025","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/41025"},{"reference_url":"http://secunia.com/advisories/42079","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42079"},{"reference_url":"http://secunia.com/advisories/42368","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42368"},{"reference_url":"http://secunia.com/advisories/42454","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42454"},{"reference_url":"http://secunia.com/advisories/43310","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43310"},{"reference_url":"http://secunia.com/advisories/44183","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44183"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"http://securitytracker.com/id?1024180","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1024180"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/60264","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/60264"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/4faaca9353e5e3f963c7a674b3ac6a0bd1c3757e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/4faaca9353e5e3f963c7a674b3ac6a0bd1c3757e"},{"reference_url":"https://github.com/apache/tomcat/commit/40e5880dfc51517334acda5f12beacdec52ca283","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/40e5880dfc51517334acda5f12beacdec52ca283"},{"reference_url":"https://github.com/apache/tomcat/commit/4e97b367a97a356d2f8bb9986875e20d0807d32c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4e97b367a97a356d2f8bb9986875e20d0807d32c"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2227","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2227"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=958911","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=958911"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=959428","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=959428"},{"reference_url":"http://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5002"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=958911","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=958911"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=958977","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=958977"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=959428","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=959428"},{"reference_url":"https://web.archive.org/web/20110213053623/http://secunia.com/advisories/43310","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110213053623/http://secunia.com/advisories/43310"},{"reference_url":"https://web.archive.org/web/20110220095703/http://secunia.com/advisories/42079","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110220095703/http://secunia.com/advisories/42079"},{"reference_url":"https://web.archive.org/web/20110220104410/http://secunia.com/advisories/40813","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110220104410/http://secunia.com/advisories/40813"},{"reference_url":"https://web.archive.org/web/20110220104426/http://secunia.com/advisories/41025","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110220104426/http://secunia.com/advisories/41025"},{"reference_url":"https://web.archive.org/web/20110220104430/http://secunia.com/advisories/42454","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110220104430/http://secunia.com/advisories/42454"},{"reference_url":"https://web.archive.org/web/20110712000328/http://secunia.com/advisories/42368","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110712000328/http://secunia.com/advisories/42368"},{"reference_url":"https://web.archive.org/web/20110713184518/http://secunia.com/advisories/44183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110713184518/http://secunia.com/advisories/44183"},{"reference_url":"https://web.archive.org/web/20110716102842/http://www.securityfocus.com/archive/1/512272/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110716102842/http://www.securityfocus.com/archive/1/512272/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20110906004746/http://www.securityfocus.com/bid/41544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110906004746/http://www.securityfocus.com/bid/41544"},{"reference_url":"https://web.archive.org/web/20111119150528/http://www.securityfocus.com/archive/1/516397/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111119150528/http://www.securityfocus.com/archive/1/516397/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126"},{"reference_url":"https://web.archive.org/web/20161107200417/http://securitytracker.com/id?1024180","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161107200417/http://securitytracker.com/id?1024180"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"},{"reference_url":"http://www.novell.com/support/viewContent.do?externalId=7007274","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/support/viewContent.do?externalId=7007274"},{"reference_url":"http://www.novell.com/support/viewContent.do?externalId=7007275","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/support/viewContent.do?externalId=7007275"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0580.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2010-0580.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0581.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2010-0581.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0582.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2010-0582.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0583.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2010-0583.html"},{"reference_url":"http://www.securityfocus.com/archive/1/512272/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/512272/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/516397/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/516397/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/41544","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/41544"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html"},{"reference_url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1986","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/1986"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2868","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/2868"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3056","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/3056"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=612799","reference_id":"612799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=612799"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227","reference_id":"CVE-2010-2227","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227"},{"reference_url":"https://github.com/advisories/GHSA-cxg2-49rq-8gcr","reference_id":"GHSA-cxg2-49rq-8gcr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cxg2-49rq-8gcr"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0584","reference_id":"RHSA-2010:0584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0693","reference_id":"RHSA-2010:0693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0693"},{"reference_url":"https://usn.ubuntu.com/976-1/","reference_id":"USN-976-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/976-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2010-2227","GHSA-cxg2-49rq-8gcr"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2zy-gq57-ufat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5061?format=json","vulnerability_id":"VCID-fd9j-6vta-ubbp","summary":"Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E"},{"reference_url":"http://marc.info/?l=tomcat-user&m=129966773405409&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=tomcat-user&m=129966773405409&w=2"},{"reference_url":"http://markmail.org/message/lzx5273wsgl5pob6","reference_id":"","reference_type":"","scores":[],"url":"http://markmail.org/message/lzx5273wsgl5pob6"},{"reference_url":"http://markmail.org/message/yzmyn44f5aetmm2r","reference_id":"","reference_type":"","scores":[],"url":"http://markmail.org/message/yzmyn44f5aetmm2r"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1419.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1419","reference_id":"","reference_type":"","scores":[{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.9486","published_at":"2026-05-14T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94793","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94794","published_at":"2026-04-13T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94801","published_at":"2026-04-16T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94805","published_at":"2026-04-18T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94808","published_at":"2026-04-21T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94809","published_at":"2026-04-24T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.9481","published_at":"2026-04-26T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94812","published_at":"2026-04-29T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.9482","published_at":"2026-05-05T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94828","published_at":"2026-05-07T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94837","published_at":"2026-05-09T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94843","published_at":"2026-05-11T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94849","published_at":"2026-05-12T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94757","published_at":"2026-04-01T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94767","published_at":"2026-04-02T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94771","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94772","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94781","published_at":"2026-04-08T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.94786","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16103","scoring_system":"epss","scoring_elements":"0.9479","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1419"},{"reference_url":"http://secunia.com/advisories/43684","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43684"},{"reference_url":"http://securityreason.com/securityalert/8131","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8131"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65971","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65971"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/66154","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/66154"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0ff4905158b77787a7f3aca55c9dec93456665dc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0ff4905158b77787a7f3aca55c9dec93456665dc"},{"reference_url":"https://github.com/apache/tomcat/commit/3e5b0455483eed55752047073e92403bfca8d3ec","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3e5b0455483eed55752047073e92403bfca8d3ec"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1419","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1419"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1079752","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1079752"},{"reference_url":"https://web.archive.org/web/20110307182442/http://markmail.org/message/yzmyn44f5aetmm2r","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110307182442/http://markmail.org/message/yzmyn44f5aetmm2r"},{"reference_url":"https://web.archive.org/web/20110323002552/http://markmail.org/message/lzx5273wsgl5pob6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110323002552/http://markmail.org/message/lzx5273wsgl5pob6"},{"reference_url":"https://web.archive.org/web/20170202135440/http://www.securityfocus.com/bid/46685","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170202135440/http://www.securityfocus.com/bid/46685"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.osvdb.org/71027","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/71027"},{"reference_url":"http://www.securityfocus.com/bid/46685","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46685"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0563","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=708955","reference_id":"708955","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=708955"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-vch7-92vf-jm44","reference_id":"GHSA-vch7-92vf-jm44","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vch7-92vf-jm44"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-1419","GHSA-vch7-92vf-jm44"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fd9j-6vta-ubbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4729?format=json","vulnerability_id":"VCID-g998-xymt-fudu","summary":"The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2901.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2901.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2901","reference_id":"","reference_type":"","scores":[{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91137","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91129","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91124","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91111","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91102","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91088","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91094","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91173","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91177","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91179","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91166","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91162","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06552","scoring_system":"epss","scoring_elements":"0.91138","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07107","scoring_system":"epss","scoring_elements":"0.91609","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07107","scoring_system":"epss","scoring_elements":"0.9157","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07107","scoring_system":"epss","scoring_elements":"0.91583","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07107","scoring_system":"epss","scoring_elements":"0.91593","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07107","scoring_system":"epss","scoring_elements":"0.91591","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07107","scoring_system":"epss","scoring_elements":"0.91601","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2901"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55856","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55856"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/0299cb724ea71f304d54adfcdb950f59b01fb421","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/0299cb724ea71f304d54adfcdb950f59b01fb421"},{"reference_url":"https://github.com/apache/tomcat/commit/3e1010b1a2f648581fac3d68afbf18f2979f6bf6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3e1010b1a2f648581fac3d68afbf18f2979f6bf6"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=892815","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=892815"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=902650","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=902650"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://svn.apache.org/viewvc?rev=892815&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=892815&view=rev"},{"reference_url":"http://svn.apache.org/viewvc?rev=902650&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=902650&view=rev"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://ubuntu.com/usn/usn-899-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-899-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=559742","reference_id":"559742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=559742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901","reference_id":"CVE-2009-2901","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2901","reference_id":"CVE-2009-2901","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2901"},{"reference_url":"https://github.com/advisories/GHSA-hjfh-7c4v-7q8h","reference_id":"GHSA-hjfh-7c4v-7q8h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hjfh-7c4v-7q8h"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://usn.ubuntu.com/899-1/","reference_id":"USN-899-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/899-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2009-2901","GHSA-hjfh-7c4v-7q8h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g998-xymt-fudu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4546?format=json","vulnerability_id":"VCID-hhk9-cr54-8fgc","summary":"Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=132871655717248&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=132871655717248&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133294394108746&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133294394108746&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-1331.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-1331.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0074","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0075","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0075"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0076","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:0076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:1331"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0022","reference_id":"","reference_type":"","scores":[{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95985","published_at":"2026-04-24T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95984","published_at":"2026-04-26T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95983","published_at":"2026-04-29T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95968","published_at":"2026-04-13T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95965","published_at":"2026-04-12T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95962","published_at":"2026-04-09T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95959","published_at":"2026-04-08T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.9595","published_at":"2026-04-07T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95945","published_at":"2026-04-04T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.9593","published_at":"2026-04-01T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95938","published_at":"2026-04-02T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.96023","published_at":"2026-05-14T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.9601","published_at":"2026-05-12T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.96006","published_at":"2026-05-11T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.96002","published_at":"2026-05-09T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95999","published_at":"2026-05-07T12:55:00Z"},{"value":"0.23418","scoring_system":"epss","scoring_elements":"0.95994","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0022"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72425","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72425"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355"},{"reference_url":"https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e"},{"reference_url":"https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4"},{"reference_url":"https://github.com/apache/tomcat70/commit/0351f661e9219a0682df1d2a9265c518438279c6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/0351f661e9219a0682df1d2a9265c518438279c6"},{"reference_url":"https://github.com/apache/tomcat70/commit/0569aa6a01a74d51b93fd0027288358825fc03d5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/0569aa6a01a74d51b93fd0027288358825fc03d5"},{"reference_url":"https://github.com/apache/tomcat70/commit/0c5d3a903598abd7c7ebe1b00e27a6574339c417","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/0c5d3a903598abd7c7ebe1b00e27a6574339c417"},{"reference_url":"https://github.com/apache/tomcat70/commit/233dcc857e0faf8bc94325be5fb287aa70ee944f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/233dcc857e0faf8bc94325be5fb287aa70ee944f"},{"reference_url":"https://github.com/apache/tomcat70/commit/597edaab8863df03f7bdc4eafb39e754fd3cd322","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/597edaab8863df03f7bdc4eafb39e754fd3cd322"},{"reference_url":"https://github.com/apache/tomcat70/commit/5fd94ded5ebc57926974064d9b1e82e8f44c743c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/5fd94ded5ebc57926974064d9b1e82e8f44c743c"},{"reference_url":"https://github.com/apache/tomcat70/commit/7b05232350c11370ab9385185a57ccd1fe7da09f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/7b05232350c11370ab9385185a57ccd1fe7da09f"},{"reference_url":"https://github.com/apache/tomcat70/commit/9649a2147ce04753bb0bbe2be8e66444670c6db5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/9649a2147ce04753bb0bbe2be8e66444670c6db5"},{"reference_url":"https://github.com/apache/tomcat70/commit/a2fede48c2d8130db216ea2261c376d723021aa4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/a2fede48c2d8130db216ea2261c376d723021aa4"},{"reference_url":"https://github.com/apache/tomcat70/commit/a4bfa01d4e6fd677f6831ab7b3e513c8b94c6185","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/a4bfa01d4e6fd677f6831ab7b3e513c8b94c6185"},{"reference_url":"https://github.com/apache/tomcat70/commit/c2508191c17acd5e530d80a623a4ac28a8b23128","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/c2508191c17acd5e530d80a623a4ac28a8b23128"},{"reference_url":"https://github.com/apache/tomcat70/commit/c7950cf9f2d7790a40113d2b50e52cbb337a8fe9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/c7950cf9f2d7790a40113d2b50e52cbb337a8fe9"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1189899","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1189899"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1190372","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1190372"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1190482","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1190482"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1194917","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1194917"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1195225","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1195225"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1195226","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1195226"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1195537","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1195537"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1195909","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1195909"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1195944","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1195944"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1195951","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1195951"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1195977","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1195977"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1198641","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1198641"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1200601","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1200601"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1206324","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1206324"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1221282","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1221282"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1224640","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1224640"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1228191","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1228191"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1229027","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1229027"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=783359","reference_id":"783359","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=783359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022","reference_id":"CVE-2012-0022","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0022","reference_id":"CVE-2012-0022","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0022"},{"reference_url":"https://github.com/advisories/GHSA-8h2q-qm9x-55jc","reference_id":"GHSA-8h2q-qm9x-55jc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8h2q-qm9x-55jc"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0077","reference_id":"RHSA-2012:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0078","reference_id":"RHSA-2012:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0325","reference_id":"RHSA-2012:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0345","reference_id":"RHSA-2012:0345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0474","reference_id":"RHSA-2012:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0475","reference_id":"RHSA-2012:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0679","reference_id":"RHSA-2012:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0680","reference_id":"RHSA-2012:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"},{"reference_url":"https://usn.ubuntu.com/1359-1/","reference_id":"USN-1359-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1359-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2012-0022","GHSA-8h2q-qm9x-55jc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhk9-cr54-8fgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4585?format=json","vulnerability_id":"VCID-hxj6-mupf-abbc","summary":"Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3375.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3375","reference_id":"","reference_type":"","scores":[{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83916","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83789","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83798","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83805","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83829","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.8385","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83867","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83866","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83882","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83665","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83678","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83692","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83695","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83718","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83725","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83741","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.8373","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83764","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.83765","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3375"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21"},{"reference_url":"https://github.com/apache/tomcat/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3375","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3375"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1176592","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1176592"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1185998","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1185998"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=782624","reference_id":"782624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=782624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375","reference_id":"CVE-2011-3375","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375"},{"reference_url":"https://github.com/advisories/GHSA-rp8h-vr48-4j8p","reference_id":"GHSA-rp8h-vr48-4j8p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rp8h-vr48-4j8p"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"},{"reference_url":"https://usn.ubuntu.com/1359-1/","reference_id":"USN-1359-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1359-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-3375","GHSA-rp8h-vr48-4j8p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxj6-mupf-abbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15701?format=json","vulnerability_id":"VCID-jtg7-217a-qqhk","summary":"Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header\nThe default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4312.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4312","reference_id":"","reference_type":"","scores":[{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82664","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82511","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82533","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82543","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82548","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82568","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82588","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82608","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82623","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82398","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82413","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.8243","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82427","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82454","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82461","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82479","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82475","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.8247","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82507","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4312"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608286","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608286"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"http://www.securityfocus.com/archive/1/514866/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/514866/100/0/threaded"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=658267","reference_id":"658267","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=658267"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://launchpad.net/bugs/cve/CVE-2010-4312","reference_id":"CVE-2010-4312","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/cve/CVE-2010-4312"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4312","reference_id":"CVE-2010-4312","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4312"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2010-4312","reference_id":"CVE-2010-4312","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2010-4312"},{"reference_url":"https://ubuntu.com/security/CVE-2010-4312","reference_id":"CVE-2010-4312","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/security/CVE-2010-4312"},{"reference_url":"https://github.com/advisories/GHSA-pvjh-7h8q-q56r","reference_id":"GHSA-pvjh-7h8q-q56r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pvjh-7h8q-q56r"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2010-4312","GHSA-pvjh-7h8q-q56r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtg7-217a-qqhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4602?format=json","vulnerability_id":"VCID-mctd-9zgv-5qgp","summary":"Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1845","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:1845"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2204.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2204","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26653","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26585","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26731","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26797","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26805","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26854","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2689","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26914","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26903","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2696","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27004","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27001","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26955","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26887","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27023","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27098","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27063","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26724","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26643","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26625","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26701","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2204"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=717013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=717013"},{"reference_url":"http://securitytracker.com/id?1025712","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1025712"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/68238","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/68238"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/8b81c8c869987e35deed04993ecfcf7be27ca298","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/8b81c8c869987e35deed04993ecfcf7be27ca298"},{"reference_url":"https://github.com/apache/tomcat/commit/763a56b45999653ce648a18462b8a826809215b1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/763a56b45999653ce648a18462b8a826809215b1"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1140070","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1140070"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1140071","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1140071"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1140072","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1140072"},{"reference_url":"http://support.apple.com/kb/HT5130","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5130"},{"reference_url":"https://web.archive.org/web/20110711083618/http://securitytracker.com/id?1025712","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110711083618/http://securitytracker.com/id?1025712"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204","reference_id":"CVE-2011-2204","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2204","reference_id":"CVE-2011-2204","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2204"},{"reference_url":"https://github.com/advisories/GHSA-c57p-3v2g-w9rg","reference_id":"GHSA-c57p-3v2g-w9rg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c57p-3v2g-w9rg"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1780","reference_id":"RHSA-2011:1780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0679","reference_id":"RHSA-2012:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0680","reference_id":"RHSA-2012:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"},{"reference_url":"https://usn.ubuntu.com/1252-1/","reference_id":"USN-1252-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1252-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-2204","GHSA-c57p-3v2g-w9rg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mctd-9zgv-5qgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4737?format=json","vulnerability_id":"VCID-mnf8-t3ew-4fgb","summary":"Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN63832775/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN63832775/index.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5515.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5515.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5515","reference_id":"","reference_type":"","scores":[{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98784","published_at":"2026-04-24T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98801","published_at":"2026-05-14T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98786","published_at":"2026-04-29T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98775","published_at":"2026-04-13T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98793","published_at":"2026-05-07T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98774","published_at":"2026-04-12T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98772","published_at":"2026-04-08T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98768","published_at":"2026-04-04T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98798","published_at":"2026-05-12T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98797","published_at":"2026-05-11T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98795","published_at":"2026-05-09T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98765","published_at":"2026-04-02T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98781","published_at":"2026-04-21T12:55:00Z"},{"value":"0.72859","scoring_system":"epss","scoring_elements":"0.98764","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5515"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/6b61911f94d6d8d49ee933c5f1882a7e7c336d2c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6b61911f94d6d8d49ee933c5f1882a7e7c336d2c"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10422","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10422"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19452","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19452"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:6445","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:6445"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=734734","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=734734"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=782757","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=782757"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=782763","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=782763"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=783291","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=783291"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=783292","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=783292"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=504753","reference_id":"504753","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=504753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515","reference_id":"CVE-2008-5515","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5515","reference_id":"CVE-2008-5515","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5515"},{"reference_url":"https://github.com/advisories/GHSA-9737-qmgc-hfr9","reference_id":"GHSA-9737-qmgc-hfr9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9737-qmgc-hfr9"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1143","reference_id":"RHSA-2009:1143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1144","reference_id":"RHSA-2009:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1145","reference_id":"RHSA-2009:1145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1146","reference_id":"RHSA-2009:1146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1454","reference_id":"RHSA-2009:1454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1506","reference_id":"RHSA-2009:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1563","reference_id":"RHSA-2009:1563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1616","reference_id":"RHSA-2009:1616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1617","reference_id":"RHSA-2009:1617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1617"},{"reference_url":"https://usn.ubuntu.com/788-1/","reference_id":"USN-788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2008-5515","GHSA-9737-qmgc-hfr9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mnf8-t3ew-4fgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4593?format=json","vulnerability_id":"VCID-quwu-ep21-cyew","summary":"Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3190.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3190","reference_id":"","reference_type":"","scores":[{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75395","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75167","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.7517","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75201","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75177","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75224","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75245","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75222","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75211","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75249","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75256","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75283","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75287","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.7529","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.753","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75327","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75351","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75332","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.7534","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3190"},{"reference_url":"http://securityreason.com/securityalert/8362","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8362"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/69472","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/69472"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/be3eb28f82250a5c81a1c42216570ebf892aefac","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/be3eb28f82250a5c81a1c42216570ebf892aefac"},{"reference_url":"https://github.com/apache/tomcat70/commit/90ec9675fa080e22df5f9e3e7019a19eb2faec14","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/90ec9675fa080e22df5f9e3e7019a19eb2faec14"},{"reference_url":"https://github.com/apache/tomcat/commit/a2538ce78f83b7376c48d12d8247600079d789b1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a2538ce78f83b7376c48d12d8247600079d789b1"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=51698","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=51698"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1162958","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1162958"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1162959","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1162959"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1162960","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1162960"},{"reference_url":"https://web.archive.org/web/20130121232525/http://www.securityfocus.com/archive/1/519466/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130121232525/http://www.securityfocus.com/archive/1/519466/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20130314002148/http://www.securityfocus.com/bid/49353","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130314002148/http://www.securityfocus.com/bid/49353"},{"reference_url":"https://web.archive.org/web/20131214094052/http://www.securitytracker.com/id?1025993","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20131214094052/http://www.securitytracker.com/id?1025993"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:156","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:156"},{"reference_url":"http://www.securityfocus.com/archive/1/519466/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/519466/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/49353","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/49353"},{"reference_url":"http://www.securitytracker.com/id?1025993","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025993"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=734868","reference_id":"734868","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=734868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190","reference_id":"CVE-2011-3190","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3190","reference_id":"CVE-2011-3190","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3190"},{"reference_url":"https://github.com/advisories/GHSA-c38m-v4m2-524v","reference_id":"GHSA-c38m-v4m2-524v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c38m-v4m2-524v"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1780","reference_id":"RHSA-2011:1780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0679","reference_id":"RHSA-2012:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0680","reference_id":"RHSA-2012:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"},{"reference_url":"https://usn.ubuntu.com/1252-1/","reference_id":"USN-1252-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1252-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-3190","GHSA-c38m-v4m2-524v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-quwu-ep21-cyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4748?format=json","vulnerability_id":"VCID-r84b-7ay9-ekcm","summary":"Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=129070310906557&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0783.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0783","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26907","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26954","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27016","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27005","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27063","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27107","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27104","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27058","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2699","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27197","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27161","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2712","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26745","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26728","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26827","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26804","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26755","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26687","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26833","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.269","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0783"},{"reference_url":"http://secunia.com/advisories/35685","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/35685"},{"reference_url":"http://secunia.com/advisories/35788","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/35788"},{"reference_url":"http://secunia.com/advisories/37460","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/37460"},{"reference_url":"http://secunia.com/advisories/42368","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/42368"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51195","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=29936","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=45933","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=652592","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=652592"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=681156","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=681156"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=739522","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=739522"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=781542","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=781542"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=781708","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=781708"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://svn.apache.org/viewvc?rev=652592&view=rev","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=652592&view=rev"},{"reference_url":"http://svn.apache.org/viewvc?rev=681156&view=rev","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=681156&view=rev"},{"reference_url":"http://svn.apache.org/viewvc?rev=739522&view=rev","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=739522&view=rev"},{"reference_url":"http://svn.apache.org/viewvc?rev=781542&view=rev","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=781542&view=rev"},{"reference_url":"http://svn.apache.org/viewvc?rev=781708&view=rev","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=781708&view=rev"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.securityfocus.com/archive/1/504090/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/504090/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/507985/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/35416","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/35416"},{"reference_url":"http://www.securitytracker.com/id?1022336","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id?1022336"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0016.html"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1856","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/1856"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3316","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2009/3316"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3056","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2010/3056"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=504153","reference_id":"504153","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=504153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783","reference_id":"CVE-2009-0783","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0783","reference_id":"CVE-2009-0783","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0783"},{"reference_url":"https://github.com/advisories/GHSA-hhjg-g8xq-hhr3","reference_id":"GHSA-hhjg-g8xq-hhr3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhjg-g8xq-hhr3"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1143","reference_id":"RHSA-2009:1143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1144","reference_id":"RHSA-2009:1144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1145","reference_id":"RHSA-2009:1145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1146","reference_id":"RHSA-2009:1146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1454","reference_id":"RHSA-2009:1454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1506","reference_id":"RHSA-2009:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1563","reference_id":"RHSA-2009:1563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1616","reference_id":"RHSA-2009:1616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1617","reference_id":"RHSA-2009:1617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1617"},{"reference_url":"https://usn.ubuntu.com/788-1/","reference_id":"USN-788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2009-0783","GHSA-hhjg-g8xq-hhr3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r84b-7ay9-ekcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4619?format=json","vulnerability_id":"VCID-rhg2-n93w-tqeu","summary":"Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1183","reference_id":"","reference_type":"","scores":[{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.74086","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73945","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73927","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73919","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.7396","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73969","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73962","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73995","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.74004","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.74002","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73997","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.74022","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.74045","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.74007","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.7403","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73868","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73879","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73904","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73876","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.7391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00793","scoring_system":"epss","scoring_elements":"0.73924","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1183"},{"reference_url":"http://seclists.org/fulldisclosure/2011/Apr/96","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2011/Apr/96"},{"reference_url":"http://securityreason.com/securityalert/8187","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8187"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/66675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/66675"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/b7b5c63a932f6c1ea05f9b65ad9054247bb5af57","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b7b5c63a932f6c1ea05f9b65ad9054247bb5af57"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12701","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12701"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1087643","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1087643"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1087643","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1087643"},{"reference_url":"https://web.archive.org/web/20200229122300/http://www.securityfocus.com/bid/47196","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229122300/http://www.securityfocus.com/bid/47196"},{"reference_url":"https://web.archive.org/web/20200928033804/http://www.securityfocus.com/archive/1/517362/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200928033804/http://www.securityfocus.com/archive/1/517362/100/0/threaded"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.securityfocus.com/archive/1/517362/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/517362/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/47196","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/47196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=708955","reference_id":"708955","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=708955"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1183","reference_id":"CVE-2011-1183","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1183"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1183","reference_id":"CVE-2011-1183","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1183"},{"reference_url":"https://github.com/advisories/GHSA-p26v-97vp-jcx6","reference_id":"GHSA-p26v-97vp-jcx6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p26v-97vp-jcx6"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-1183","GHSA-p26v-97vp-jcx6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhg2-n93w-tqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4608?format=json","vulnerability_id":"VCID-sp3x-x26s-hue6","summary":"Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103%40apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103%40apache.org%3E"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103@apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103@apache.org%3E"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1582.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1582.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1582","reference_id":"","reference_type":"","scores":[{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81492","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81308","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81347","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.8137","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81377","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81382","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81398","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81418","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81439","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81435","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81453","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81244","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81254","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81276","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81275","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81304","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81309","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.8133","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1582"},{"reference_url":"http://securityreason.com/securityalert/8256","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8256"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67515","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67515"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/299b26af66793438c323ea6b18462fa44683080f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/299b26af66793438c323ea6b18462fa44683080f"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1100832","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1100832"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1100832","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1100832"},{"reference_url":"https://web.archive.org/web/20111110135226/http://www.securityfocus.com/archive/1/518032/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111110135226/http://www.securityfocus.com/archive/1/518032/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20170202135510/http://www.securityfocus.com/bid/47886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170202135510/http://www.securityfocus.com/bid/47886"},{"reference_url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29"},{"reference_url":"http://www.securityfocus.com/archive/1/518032/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/518032/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/47886","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/47886"},{"reference_url":"http://www.vupen.com/english/advisories/2011/1255","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/1255"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=708955","reference_id":"708955","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=708955"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582","reference_id":"CVE-2011-1582","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1582","reference_id":"CVE-2011-1582","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1582"},{"reference_url":"https://github.com/advisories/GHSA-3xpj-jgv5-q4vv","reference_id":"GHSA-3xpj-jgv5-q4vv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3xpj-jgv5-q4vv"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-1582","GHSA-3xpj-jgv5-q4vv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sp3x-x26s-hue6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4637?format=json","vulnerability_id":"VCID-tfn5-6ckq-wyce","summary":"Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.","references":[{"reference_url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=130168502603566&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=130168502603566&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3718.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3718","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53735","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53609","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53716","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53633","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53661","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53628","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5368","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53727","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5371","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53693","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53731","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53767","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53694","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5367","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53707","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53654","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53608","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53655","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5369","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53679","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3718"},{"reference_url":"http://secunia.com/advisories/43192","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43192"},{"reference_url":"http://secunia.com/advisories/45022","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/45022"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"http://securityreason.com/securityalert/8072","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8072"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65159","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65159"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/53b9e4bf21aef92321404644bfbb22ae625c033b","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/53b9e4bf21aef92321404644bfbb22ae625c033b"},{"reference_url":"https://github.com/apache/tomcat/commit/a697f7b52c4e3aea0c6763b33d413b54a518e883","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a697f7b52c4e3aea0c6763b33d413b54a518e883"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"},{"reference_url":"https://marc.info/?l=bugtraq&m=130168502603566&w=2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=130168502603566&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=132215163318824&w=2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=132215163318824&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"https://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1022134","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1022134"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1022560","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1022560"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1027610","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1027610"},{"reference_url":"https://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.0.30","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.0.30"},{"reference_url":"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"},{"reference_url":"http://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT5002"},{"reference_url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html","reference_id":"","reference_type":"","scores":[],"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2160","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2160"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:030","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0791.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0791.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html"},{"reference_url":"http://www.securityfocus.com/archive/1/516211/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/516211/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/46177","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46177"},{"reference_url":"http://www.securitytracker.com/id?1025025","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025025"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675792","reference_id":"675792","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675792"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718","reference_id":"CVE-2010-3718","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3718","reference_id":"CVE-2010-3718","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:N/I:P/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3718"},{"reference_url":"https://github.com/advisories/GHSA-fj6c-prgj-gr3r","reference_id":"GHSA-fj6c-prgj-gr3r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fj6c-prgj-gr3r"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://usn.ubuntu.com/1097-1/","reference_id":"USN-1097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1097-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2010-3718","GHSA-fj6c-prgj-gr3r"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfn5-6ckq-wyce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4731?format=json","vulnerability_id":"VCID-wsn2-pd9b-b3g8","summary":"Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127420533226623&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0119","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0580","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0582","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0582"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2902.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2902.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2902","reference_id":"","reference_type":"","scores":[{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93168","published_at":"2026-05-14T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93054","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93063","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93067","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93079","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93083","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93099","published_at":"2026-04-16T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93104","published_at":"2026-04-18T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93109","published_at":"2026-04-21T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.9311","published_at":"2026-04-29T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93117","published_at":"2026-05-05T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93132","published_at":"2026-05-07T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93142","published_at":"2026-05-09T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93145","published_at":"2026-05-11T12:55:00Z"},{"value":"0.1008","scoring_system":"epss","scoring_elements":"0.93152","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2902"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55857","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55857"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/0299cb724ea71f304d54adfcdb950f59b01fb421","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/0299cb724ea71f304d54adfcdb950f59b01fb421"},{"reference_url":"https://github.com/apache/tomcat/commit/3e1010b1a2f648581fac3d68afbf18f2979f6bf6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3e1010b1a2f648581fac3d68afbf18f2979f6bf6"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19431","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19431"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7092","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7092"},{"reference_url":"https://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT4077"},{"reference_url":"https://support.hpe.com/hpesc/public/docDisplay?docId=c02241113","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpesc/public/docDisplay?docId=c02241113"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=892815","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=892815"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=902650","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=902650"},{"reference_url":"http://support.apple.com/kb/HT4077","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT4077"},{"reference_url":"http://svn.apache.org/viewvc?rev=892815&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=892815&view=rev"},{"reference_url":"http://svn.apache.org/viewvc?rev=902650&view=rev","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?rev=902650&view=rev"},{"reference_url":"https://web.archive.org/web/20100127015355/http://secunia.com/advisories/38346","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100127015355/http://secunia.com/advisories/38346"},{"reference_url":"https://web.archive.org/web/20100127190258/http://secunia.com/advisories/38316","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100127190258/http://secunia.com/advisories/38316"},{"reference_url":"https://web.archive.org/web/20100329100145/http://secunia.com/advisories/38687","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100329100145/http://secunia.com/advisories/38687"},{"reference_url":"https://web.archive.org/web/20100412065745/http://secunia.com/advisories/39317","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100412065745/http://secunia.com/advisories/39317"},{"reference_url":"https://web.archive.org/web/20100601000000*/http://secunia.com/advisories/40813","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100601000000*/http://secunia.com/advisories/40813"},{"reference_url":"https://web.archive.org/web/20110213053623/https://secunia.com/advisories/43310","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110213053623/https://secunia.com/advisories/43310"},{"reference_url":"https://web.archive.org/web/20110529135656/http://secunia.com/advisories/38541","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110529135656/http://secunia.com/advisories/38541"},{"reference_url":"https://web.archive.org/web/20110601000000*/http://secunia.com/advisories/40330","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110601000000*/http://secunia.com/advisories/40330"},{"reference_url":"https://web.archive.org/web/20111119150528/http://www.securityfocus.com/archive/1/516397/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111119150528/http://www.securityfocus.com/archive/1/516397/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20121211115829/http://securitytracker.com/id?1023504","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121211115829/http://securitytracker.com/id?1023504"},{"reference_url":"https://web.archive.org/web/20121211195847/http://www.securityfocus.com/bid/37945","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121211195847/http://www.securityfocus.com/bid/37945"},{"reference_url":"https://web.archive.org/web/20140515000000*/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140515000000*/http://secunia.com/advisories/57126"},{"reference_url":"https://web.archive.org/web/20150308000602/http://www.securityfocus.com/archive/1/509150/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150308000602/http://www.securityfocus.com/archive/1/509150/100/0/threaded"},{"reference_url":"http://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://ubuntu.com/usn/usn-899-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-899-1"},{"reference_url":"http://www.debian.org/security/2011/dsa-2207","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2207"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html"},{"reference_url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=559761","reference_id":"559761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=559761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902","reference_id":"CVE-2009-2902","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2902","reference_id":"CVE-2009-2902","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2902"},{"reference_url":"https://github.com/advisories/GHSA-8wch-9gcg-v2pr","reference_id":"GHSA-8wch-9gcg-v2pr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wch-9gcg-v2pr"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0693","reference_id":"RHSA-2010:0693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0693"},{"reference_url":"https://usn.ubuntu.com/899-1/","reference_id":"USN-899-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/899-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2009-2902","GHSA-8wch-9gcg-v2pr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsn2-pd9b-b3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4604?format=json","vulnerability_id":"VCID-xqrn-wuv5-x7de","summary":"Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.  NOTE: this vulnerability exists because of a CVE-2009-0783 regression.","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2481.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2481.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2481","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47524","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47522","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.4753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47588","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47581","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47532","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47478","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47394","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.4746","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.4748","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47422","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47451","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47472","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47503","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47523","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47546","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2481"},{"reference_url":"http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57126"},{"reference_url":"http://securitytracker.com/id?1025924","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1025924"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/279e4451cb996f810fbca2f78b6340412d9daa7b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/279e4451cb996f810fbca2f78b6340412d9daa7b"},{"reference_url":"https://github.com/apache/tomcat/commit/81bb49ad58fc7b1177a86ba82abf0271d07ceeb7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/81bb49ad58fc7b1177a86ba82abf0271d07ceeb7"},{"reference_url":"https://github.com/apache/tomcat/commit/8fa210147ffd98e8971cba56395726cc4a893ad7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/8fa210147ffd98e8971cba56395726cc4a893ad7"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=51395","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=51395"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2481","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2481"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1137753","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1137753"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1138788","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1138788"},{"reference_url":"https://web.archive.org/web/20111209022500/http://www.securityfocus.com/bid/49147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111209022500/http://www.securityfocus.com/bid/49147"},{"reference_url":"https://web.archive.org/web/20161127215021/http://securitytracker.com/id?1025924","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161127215021/http://securitytracker.com/id?1025924"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://www.securityfocus.com/bid/49147","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/49147"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=732820","reference_id":"732820","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=732820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481","reference_id":"CVE-2011-2481","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481"},{"reference_url":"https://github.com/advisories/GHSA-r7c8-hghc-2mp8","reference_id":"GHSA-r7c8-hghc-2mp8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7c8-hghc-2mp8"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-2481","GHSA-r7c8-hghc-2mp8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqrn-wuv5-x7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15602?format=json","vulnerability_id":"VCID-zbbr-wded-9ffj","summary":"Improper Input Validation in Apache Tomcat\nApache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e"},{"reference_url":"http://marc.info/?l=bugtraq&m=132871655717248&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=132871655717248&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133294394108746&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133294394108746&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0074.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0075.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0076.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4858.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4858.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4858","reference_id":"","reference_type":"","scores":[{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98967","published_at":"2026-05-14T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98945","published_at":"2026-04-13T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98947","published_at":"2026-04-18T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98948","published_at":"2026-04-21T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98951","published_at":"2026-04-24T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98953","published_at":"2026-04-26T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98954","published_at":"2026-04-29T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98959","published_at":"2026-05-05T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.9896","published_at":"2026-05-07T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98962","published_at":"2026-05-09T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98964","published_at":"2026-05-11T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98965","published_at":"2026-05-12T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98934","published_at":"2026-04-01T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98936","published_at":"2026-04-02T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98938","published_at":"2026-04-04T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.9894","published_at":"2026-04-07T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98942","published_at":"2026-04-09T12:55:00Z"},{"value":"0.766","scoring_system":"epss","scoring_elements":"0.98944","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4858"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=750521","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=750521"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"},{"reference_url":"http://tomcat.apache.org/tomcat-7.0-doc/changelog.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"},{"reference_url":"http://www.debian.org/security/2012/dsa-2401","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2401"},{"reference_url":"http://www.kb.cert.org/vuls/id/903934","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/903934"},{"reference_url":"http://www.nruns.com/_downloads/advisory28122011.pdf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.nruns.com/_downloads/advisory28122011.pdf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4858","reference_id":"CVE-2011-4858","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4858"},{"reference_url":"http://www.ocert.org/advisories/ocert-2011-003.html","reference_id":"CVE-2011-4885;OSVDB-78115","reference_type":"exploit","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ocert.org/advisories/ocert-2011-003.html"},{"reference_url":"https://github.com/advisories/GHSA-wr3m-gw98-mc3j","reference_id":"GHSA-wr3m-gw98-mc3j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr3m-gw98-mc3j"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/2012.php","reference_id":"OSVDB-84803;CVE-2011-5035;CVE-2011-5034;CVE-2011-4885;CVE-2011-4858;CVE-2011-4084;CVE-2006-3775;OSVDB-84802;OSVDB-78115;OSVDB-78114;OSVDB-78113;OSVDB-78112;OSVDB-27335","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/2012.php"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0041","reference_id":"RHSA-2012:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0077","reference_id":"RHSA-2012:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0078","reference_id":"RHSA-2012:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0089","reference_id":"RHSA-2012:0089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0091","reference_id":"RHSA-2012:0091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0325","reference_id":"RHSA-2012:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0406","reference_id":"RHSA-2012:0406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0474","reference_id":"RHSA-2012:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0475","reference_id":"RHSA-2012:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0679","reference_id":"RHSA-2012:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0680","reference_id":"RHSA-2012:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0681","reference_id":"RHSA-2012:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0682","reference_id":"RHSA-2012:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0682"},{"reference_url":"https://usn.ubuntu.com/1359-1/","reference_id":"USN-1359-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1359-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71829?format=json","purl":"pkg:ebuild/www-servers/tomcat@7.0.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}],"aliases":["CVE-2011-4858","GHSA-wr3m-gw98-mc3j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbbr-wded-9ffj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23"}