Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@9.0.74
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version9.0.74
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.0.118
Latest_non_vulnerable_version11.0.22
Affected_by_vulnerabilities
0
url VCID-2rmy-13ym-3bgm
vulnerability_id VCID-2rmy-13ym-3bgm
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34483
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08846
published_at 2026-04-12T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08877
published_at 2026-04-11T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08832
published_at 2026-04-13T12:55:00Z
3
value 0.00082
scoring_system epss
scoring_elements 0.23801
published_at 2026-04-29T12:55:00Z
4
value 0.00082
scoring_system epss
scoring_elements 0.23843
published_at 2026-04-26T12:55:00Z
5
value 0.00082
scoring_system epss
scoring_elements 0.23854
published_at 2026-04-24T12:55:00Z
6
value 0.00082
scoring_system epss
scoring_elements 0.23977
published_at 2026-04-21T12:55:00Z
7
value 0.00082
scoring_system epss
scoring_elements 0.23995
published_at 2026-04-18T12:55:00Z
8
value 0.00082
scoring_system epss
scoring_elements 0.24008
published_at 2026-04-16T12:55:00Z
9
value 0.00082
scoring_system epss
scoring_elements 0.23835
published_at 2026-05-09T12:55:00Z
10
value 0.00082
scoring_system epss
scoring_elements 0.23764
published_at 2026-05-07T12:55:00Z
11
value 0.00082
scoring_system epss
scoring_elements 0.2368
published_at 2026-05-05T12:55:00Z
12
value 0.00091
scoring_system epss
scoring_elements 0.25577
published_at 2026-05-14T12:55:00Z
13
value 0.00091
scoring_system epss
scoring_elements 0.25482
published_at 2026-05-11T12:55:00Z
14
value 0.00091
scoring_system epss
scoring_elements 0.25499
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34483
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68
5
reference_url https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06
6
reference_url https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc
7
reference_url https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:16:32Z/
url https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34483
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34483
9
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/26
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/26
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457044
reference_id 2457044
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457044
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483
reference_id CVE-2026-34483
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483
14
reference_url https://github.com/advisories/GHSA-rv64-5gf8-9qq8
reference_id GHSA-rv64-5gf8-9qq8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rv64-5gf8-9qq8
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.116
purl pkg:maven/org.apache.tomcat/tomcat@9.0.116
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.117
purl pkg:maven/org.apache.tomcat/tomcat@9.0.117
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4b-b29n-xqbf
1
vulnerability VCID-2xj4-ez2z-cqcd
2
vulnerability VCID-95ew-nvd2-4uhu
3
vulnerability VCID-f2y6-wdzk-3ugu
4
vulnerability VCID-jgnm-7wnr-j3cy
5
vulnerability VCID-mm1u-x9eu-s3dr
6
vulnerability VCID-qqtd-9qtt-6kee
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117
2
url pkg:maven/org.apache.tomcat/tomcat@10.1.54
purl pkg:maven/org.apache.tomcat/tomcat@10.1.54
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4b-b29n-xqbf
1
vulnerability VCID-2xj4-ez2z-cqcd
2
vulnerability VCID-95ew-nvd2-4uhu
3
vulnerability VCID-f2y6-wdzk-3ugu
4
vulnerability VCID-jgnm-7wnr-j3cy
5
vulnerability VCID-mm1u-x9eu-s3dr
6
vulnerability VCID-qqtd-9qtt-6kee
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54
3
url pkg:maven/org.apache.tomcat/tomcat@11.0.21
purl pkg:maven/org.apache.tomcat/tomcat@11.0.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4b-b29n-xqbf
1
vulnerability VCID-2xj4-ez2z-cqcd
2
vulnerability VCID-95ew-nvd2-4uhu
3
vulnerability VCID-f2y6-wdzk-3ugu
4
vulnerability VCID-jgnm-7wnr-j3cy
5
vulnerability VCID-mm1u-x9eu-s3dr
6
vulnerability VCID-qqtd-9qtt-6kee
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21
aliases CVE-2026-34483, GHSA-rv64-5gf8-9qq8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rmy-13ym-3bgm
1
url VCID-5732-xnx7-tkfy
vulnerability_id VCID-5732-xnx7-tkfy
summary A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34981.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34981.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34981
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49154
published_at 2026-04-13T12:55:00Z
1
value 0.00258
scoring_system epss
scoring_elements 0.49201
published_at 2026-04-16T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.49149
published_at 2026-04-12T12:55:00Z
3
value 0.00258
scoring_system epss
scoring_elements 0.49174
published_at 2026-04-11T12:55:00Z
4
value 0.00258
scoring_system epss
scoring_elements 0.49157
published_at 2026-04-09T12:55:00Z
5
value 0.00258
scoring_system epss
scoring_elements 0.49161
published_at 2026-04-08T12:55:00Z
6
value 0.00258
scoring_system epss
scoring_elements 0.49106
published_at 2026-04-07T12:55:00Z
7
value 0.00258
scoring_system epss
scoring_elements 0.49125
published_at 2026-04-02T12:55:00Z
8
value 0.00275
scoring_system epss
scoring_elements 0.50915
published_at 2026-05-09T12:55:00Z
9
value 0.00275
scoring_system epss
scoring_elements 0.50833
published_at 2026-05-05T12:55:00Z
10
value 0.00275
scoring_system epss
scoring_elements 0.50885
published_at 2026-05-07T12:55:00Z
11
value 0.00275
scoring_system epss
scoring_elements 0.50906
published_at 2026-04-29T12:55:00Z
12
value 0.00275
scoring_system epss
scoring_elements 0.50944
published_at 2026-04-26T12:55:00Z
13
value 0.00275
scoring_system epss
scoring_elements 0.50936
published_at 2026-04-24T12:55:00Z
14
value 0.00275
scoring_system epss
scoring_elements 0.5099
published_at 2026-04-21T12:55:00Z
15
value 0.00275
scoring_system epss
scoring_elements 0.51012
published_at 2026-04-18T12:55:00Z
16
value 0.00275
scoring_system epss
scoring_elements 0.50976
published_at 2026-05-14T12:55:00Z
17
value 0.00275
scoring_system epss
scoring_elements 0.509
published_at 2026-05-12T12:55:00Z
18
value 0.00275
scoring_system epss
scoring_elements 0.5087
published_at 2026-05-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34981
2
reference_url https://bz.apache.org/bugzilla/show_bug.cgi?id=66512
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bz.apache.org/bugzilla/show_bug.cgi?id=66512
3
reference_url https://bz.apache.org/bugzilla/show_bug.cgi?id=66591
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bz.apache.org/bugzilla/show_bug.cgi?id=66591
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
6
reference_url https://github.com/apache/tomcat/commit/2214c8030522aa9b2a367dfa5d9acff1a03666ae
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2214c8030522aa9b2a367dfa5d9acff1a03666ae
7
reference_url https://github.com/apache/tomcat/commit/2f0ca2378415f4cf0748f4bc8fa955f41f803fa5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2f0ca2378415f4cf0748f4bc8fa955f41f803fa5
8
reference_url https://github.com/apache/tomcat/commit/739c7381aed22b7636351caf885ddc519ab6b442
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/739c7381aed22b7636351caf885ddc519ab6b442
9
reference_url https://github.com/apache/tomcat/commit/f0742f47b98aca943097f7f88e0d1163f57527e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f0742f47b98aca943097f7f88e0d1163f57527e3
10
reference_url https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:50:34Z/
url https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
11
reference_url https://security.netapp.com/advisory/ntap-20230714-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230714-0003
12
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
13
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
14
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
15
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2216439
reference_id 2216439
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2216439
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34981
reference_id CVE-2023-34981
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34981
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34981
reference_id CVE-2023-34981
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34981
19
reference_url https://github.com/advisories/GHSA-mppv-79ch-vw6q
reference_id GHSA-mppv-79ch-vw6q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mppv-79ch-vw6q
20
reference_url https://security.netapp.com/advisory/ntap-20230714-0003/
reference_id ntap-20230714-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:50:34Z/
url https://security.netapp.com/advisory/ntap-20230714-0003/
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.75
purl pkg:maven/org.apache.tomcat/tomcat@9.0.75
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-6kcx-vptm-zbds
2
vulnerability VCID-b3bb-9ajg-sfc9
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-gyed-x6s8-ybhr
5
vulnerability VCID-yrzk-1dbk-muhy
6
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.75
1
url pkg:maven/org.apache.tomcat/tomcat@10.1.9
purl pkg:maven/org.apache.tomcat/tomcat@10.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-74tx-sx8a-guhs
2
vulnerability VCID-8war-4v58-eub2
3
vulnerability VCID-b3bb-9ajg-sfc9
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.9
2
url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M6
purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-74tx-sx8a-guhs
2
vulnerability VCID-8war-4v58-eub2
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-gyed-x6s8-ybhr
5
vulnerability VCID-yrzk-1dbk-muhy
6
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M6
aliases CVE-2023-34981, GHSA-mppv-79ch-vw6q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5732-xnx7-tkfy
2
url VCID-6kcx-vptm-zbds
vulnerability_id VCID-6kcx-vptm-zbds
summary 
Incomplete Cleanup vulnerability in Apache Tomcat.

The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, 
in progress refactoring that exposed a potential denial of service on 
Windows if a web application opened a stream for an uploaded file but 
failed to close the stream. The file would never be deleted from disk 
creating the possibility of an eventual denial of service due to the 
disk being full.

Other, EOL versions may also be affected.


Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42794.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42794
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.57814
published_at 2026-04-29T12:55:00Z
1
value 0.00355
scoring_system epss
scoring_elements 0.57832
published_at 2026-04-26T12:55:00Z
2
value 0.00355
scoring_system epss
scoring_elements 0.57812
published_at 2026-04-24T12:55:00Z
3
value 0.00355
scoring_system epss
scoring_elements 0.57854
published_at 2026-04-21T12:55:00Z
4
value 0.00355
scoring_system epss
scoring_elements 0.57876
published_at 2026-04-18T12:55:00Z
5
value 0.00355
scoring_system epss
scoring_elements 0.57877
published_at 2026-04-16T12:55:00Z
6
value 0.00355
scoring_system epss
scoring_elements 0.57848
published_at 2026-04-13T12:55:00Z
7
value 0.00355
scoring_system epss
scoring_elements 0.57869
published_at 2026-04-12T12:55:00Z
8
value 0.00355
scoring_system epss
scoring_elements 0.57891
published_at 2026-04-11T12:55:00Z
9
value 0.00355
scoring_system epss
scoring_elements 0.57874
published_at 2026-04-09T12:55:00Z
10
value 0.00355
scoring_system epss
scoring_elements 0.57824
published_at 2026-04-02T12:55:00Z
11
value 0.00355
scoring_system epss
scoring_elements 0.57844
published_at 2026-04-04T12:55:00Z
12
value 0.00355
scoring_system epss
scoring_elements 0.57873
published_at 2026-04-08T12:55:00Z
13
value 0.00355
scoring_system epss
scoring_elements 0.57818
published_at 2026-04-07T12:55:00Z
14
value 0.00395
scoring_system epss
scoring_elements 0.60499
published_at 2026-05-14T12:55:00Z
15
value 0.00395
scoring_system epss
scoring_elements 0.60348
published_at 2026-05-05T12:55:00Z
16
value 0.00395
scoring_system epss
scoring_elements 0.60395
published_at 2026-05-07T12:55:00Z
17
value 0.00395
scoring_system epss
scoring_elements 0.60453
published_at 2026-05-09T12:55:00Z
18
value 0.00395
scoring_system epss
scoring_elements 0.60411
published_at 2026-05-11T12:55:00Z
19
value 0.00395
scoring_system epss
scoring_elements 0.60438
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42794
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/43b882b8a577684498ab9b8851aa0427216784f7
5
reference_url https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/c99ffc30e95ddc4daede564d08cb5ea2b9a9da65
6
reference_url https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82
7
reference_url http://www.openwall.com/lists/oss-security/2023/10/10/8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/10/8
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243751
reference_id 2243751
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243751
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794
reference_id CVE-2023-42794
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42794
reference_id CVE-2023-42794
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42794
11
reference_url https://github.com/advisories/GHSA-jm7m-8jh6-29hp
reference_id GHSA-jm7m-8jh6-29hp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jm7m-8jh6-29hp
12
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
13
reference_url https://access.redhat.com/errata/RHSA-2024:0125
reference_id RHSA-2024:0125
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0125
14
reference_url https://access.redhat.com/errata/RHSA-2024:0474
reference_id RHSA-2024:0474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0474
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.81
purl pkg:maven/org.apache.tomcat/tomcat@9.0.81
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-b3bb-9ajg-sfc9
2
vulnerability VCID-d1fm-vbd1-n7au
3
vulnerability VCID-gyed-x6s8-ybhr
4
vulnerability VCID-yrzk-1dbk-muhy
5
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.81
aliases CVE-2023-42794, GHSA-jm7m-8jh6-29hp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kcx-vptm-zbds
3
url VCID-b3bb-9ajg-sfc9
vulnerability_id VCID-b3bb-9ajg-sfc9
summary 
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single 
request as multiple requests leading to the possibility of request 
smuggling when behind a reverse proxy.


Older, EOL versions may also be affected.


Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46589.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46589
reference_id
reference_type
scores
0
value 0.51432
scoring_system epss
scoring_elements 0.97885
published_at 2026-04-11T12:55:00Z
1
value 0.51432
scoring_system epss
scoring_elements 0.97886
published_at 2026-04-12T12:55:00Z
2
value 0.51432
scoring_system epss
scoring_elements 0.97888
published_at 2026-04-13T12:55:00Z
3
value 0.51432
scoring_system epss
scoring_elements 0.97872
published_at 2026-04-04T12:55:00Z
4
value 0.51432
scoring_system epss
scoring_elements 0.97871
published_at 2026-04-02T12:55:00Z
5
value 0.51432
scoring_system epss
scoring_elements 0.97875
published_at 2026-04-07T12:55:00Z
6
value 0.51432
scoring_system epss
scoring_elements 0.97896
published_at 2026-04-18T12:55:00Z
7
value 0.51432
scoring_system epss
scoring_elements 0.97895
published_at 2026-04-16T12:55:00Z
8
value 0.51432
scoring_system epss
scoring_elements 0.97882
published_at 2026-04-09T12:55:00Z
9
value 0.51432
scoring_system epss
scoring_elements 0.9788
published_at 2026-04-08T12:55:00Z
10
value 0.57888
scoring_system epss
scoring_elements 0.98189
published_at 2026-04-29T12:55:00Z
11
value 0.57888
scoring_system epss
scoring_elements 0.98198
published_at 2026-05-14T12:55:00Z
12
value 0.57888
scoring_system epss
scoring_elements 0.98196
published_at 2026-05-12T12:55:00Z
13
value 0.57888
scoring_system epss
scoring_elements 0.98193
published_at 2026-05-11T12:55:00Z
14
value 0.57888
scoring_system epss
scoring_elements 0.98197
published_at 2026-05-09T12:55:00Z
15
value 0.57888
scoring_system epss
scoring_elements 0.98194
published_at 2026-05-07T12:55:00Z
16
value 0.57888
scoring_system epss
scoring_elements 0.98195
published_at 2026-05-05T12:55:00Z
17
value 0.57888
scoring_system epss
scoring_elements 0.98188
published_at 2026-04-26T12:55:00Z
18
value 0.57888
scoring_system epss
scoring_elements 0.98187
published_at 2026-04-24T12:55:00Z
19
value 0.57888
scoring_system epss
scoring_elements 0.98185
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46589
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b
5
reference_url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd
6
reference_url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642
7
reference_url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08
8
reference_url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/
url https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
9
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html
10
reference_url https://security.netapp.com/advisory/ntap-20231214-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0009
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
14
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
15
reference_url https://www.openwall.com/lists/oss-security/2023/11/28/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-11T16:04:24Z/
url https://www.openwall.com/lists/oss-security/2023/11/28/2
16
reference_url http://www.openwall.com/lists/oss-security/2023/11/28/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/28/2
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
reference_id 1057082
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057082
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252050
reference_id 2252050
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252050
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
reference_id CVE-2023-46589
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
reference_id CVE-2023-46589
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46589
21
reference_url https://github.com/advisories/GHSA-fccv-jmmp-qg76
reference_id GHSA-fccv-jmmp-qg76
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fccv-jmmp-qg76
22
reference_url https://access.redhat.com/errata/RHSA-2024:0532
reference_id RHSA-2024:0532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0532
23
reference_url https://access.redhat.com/errata/RHSA-2024:0539
reference_id RHSA-2024:0539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0539
24
reference_url https://access.redhat.com/errata/RHSA-2024:1092
reference_id RHSA-2024:1092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1092
25
reference_url https://access.redhat.com/errata/RHSA-2024:1134
reference_id RHSA-2024:1134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1134
26
reference_url https://access.redhat.com/errata/RHSA-2024:1318
reference_id RHSA-2024:1318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1318
27
reference_url https://access.redhat.com/errata/RHSA-2024:1319
reference_id RHSA-2024:1319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1319
28
reference_url https://access.redhat.com/errata/RHSA-2024:1324
reference_id RHSA-2024:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1324
29
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
30
reference_url https://usn.ubuntu.com/7032-1/
reference_id USN-7032-1
reference_type
scores
url https://usn.ubuntu.com/7032-1/
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.83
purl pkg:maven/org.apache.tomcat/tomcat@9.0.83
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-74tx-sx8a-guhs
2
vulnerability VCID-8war-4v58-eub2
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-gyed-x6s8-ybhr
5
vulnerability VCID-yrzk-1dbk-muhy
6
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.83
1
url pkg:maven/org.apache.tomcat/tomcat@10.1.16
purl pkg:maven/org.apache.tomcat/tomcat@10.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-74tx-sx8a-guhs
2
vulnerability VCID-8war-4v58-eub2
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-gyed-x6s8-ybhr
5
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.16
2
url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11
purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-5781-s1ny-q7ey
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8war-4v58-eub2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-n9yk-e49f-n7e7
7
vulnerability VCID-rzj2-4kcj-43dq
8
vulnerability VCID-yrzk-1dbk-muhy
9
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M11
3
url pkg:maven/org.apache.tomcat/tomcat@11.0.1
purl pkg:maven/org.apache.tomcat/tomcat@11.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-43j2-w5xt-43g9
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-8war-4v58-eub2
5
vulnerability VCID-d1fm-vbd1-n7au
6
vulnerability VCID-gvhy-d4gm-57d3
7
vulnerability VCID-gyed-x6s8-ybhr
8
vulnerability VCID-v8ku-sjc8-wfga
9
vulnerability VCID-yrzk-1dbk-muhy
10
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.1
aliases CVE-2023-46589, GHSA-fccv-jmmp-qg76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3bb-9ajg-sfc9
4
url VCID-d1fm-vbd1-n7au
vulnerability_id VCID-d1fm-vbd1-n7au
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34487
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08846
published_at 2026-04-12T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08877
published_at 2026-04-11T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08832
published_at 2026-04-13T12:55:00Z
3
value 0.00082
scoring_system epss
scoring_elements 0.23801
published_at 2026-04-29T12:55:00Z
4
value 0.00082
scoring_system epss
scoring_elements 0.23843
published_at 2026-04-26T12:55:00Z
5
value 0.00082
scoring_system epss
scoring_elements 0.23854
published_at 2026-04-24T12:55:00Z
6
value 0.00082
scoring_system epss
scoring_elements 0.23977
published_at 2026-04-21T12:55:00Z
7
value 0.00082
scoring_system epss
scoring_elements 0.23995
published_at 2026-04-18T12:55:00Z
8
value 0.00082
scoring_system epss
scoring_elements 0.24008
published_at 2026-04-16T12:55:00Z
9
value 0.00082
scoring_system epss
scoring_elements 0.23835
published_at 2026-05-09T12:55:00Z
10
value 0.00082
scoring_system epss
scoring_elements 0.23764
published_at 2026-05-07T12:55:00Z
11
value 0.00082
scoring_system epss
scoring_elements 0.2368
published_at 2026-05-05T12:55:00Z
12
value 0.00091
scoring_system epss
scoring_elements 0.25577
published_at 2026-05-14T12:55:00Z
13
value 0.00091
scoring_system epss
scoring_elements 0.25482
published_at 2026-05-11T12:55:00Z
14
value 0.00091
scoring_system epss
scoring_elements 0.25499
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34487
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150
5
reference_url https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d
6
reference_url https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976
7
reference_url https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:47:28Z/
url https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34487
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34487
9
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/28
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/28
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457038
reference_id 2457038
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457038
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487
reference_id CVE-2026-34487
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487
14
reference_url https://github.com/advisories/GHSA-x4m4-345f-5h5g
reference_id GHSA-x4m4-345f-5h5g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4m4-345f-5h5g
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.117
purl pkg:maven/org.apache.tomcat/tomcat@9.0.117
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4b-b29n-xqbf
1
vulnerability VCID-2xj4-ez2z-cqcd
2
vulnerability VCID-95ew-nvd2-4uhu
3
vulnerability VCID-f2y6-wdzk-3ugu
4
vulnerability VCID-jgnm-7wnr-j3cy
5
vulnerability VCID-mm1u-x9eu-s3dr
6
vulnerability VCID-qqtd-9qtt-6kee
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117
1
url pkg:maven/org.apache.tomcat/tomcat@10.1.54
purl pkg:maven/org.apache.tomcat/tomcat@10.1.54
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4b-b29n-xqbf
1
vulnerability VCID-2xj4-ez2z-cqcd
2
vulnerability VCID-95ew-nvd2-4uhu
3
vulnerability VCID-f2y6-wdzk-3ugu
4
vulnerability VCID-jgnm-7wnr-j3cy
5
vulnerability VCID-mm1u-x9eu-s3dr
6
vulnerability VCID-qqtd-9qtt-6kee
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54
2
url pkg:maven/org.apache.tomcat/tomcat@11.0.21
purl pkg:maven/org.apache.tomcat/tomcat@11.0.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4b-b29n-xqbf
1
vulnerability VCID-2xj4-ez2z-cqcd
2
vulnerability VCID-95ew-nvd2-4uhu
3
vulnerability VCID-f2y6-wdzk-3ugu
4
vulnerability VCID-jgnm-7wnr-j3cy
5
vulnerability VCID-mm1u-x9eu-s3dr
6
vulnerability VCID-qqtd-9qtt-6kee
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21
aliases CVE-2026-34487, GHSA-x4m4-345f-5h5g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1fm-vbd1-n7au
5
url VCID-gyed-x6s8-ybhr
vulnerability_id VCID-gyed-x6s8-ybhr
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24880
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08199
published_at 2026-04-13T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08216
published_at 2026-04-12T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08236
published_at 2026-04-11T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44021
published_at 2026-04-18T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.438
published_at 2026-05-09T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.43782
published_at 2026-05-07T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.43706
published_at 2026-05-05T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.43827
published_at 2026-04-29T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44031
published_at 2026-04-16T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.43912
published_at 2026-04-26T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.43909
published_at 2026-04-24T12:55:00Z
11
value 0.00215
scoring_system epss
scoring_elements 0.43957
published_at 2026-04-21T12:55:00Z
12
value 0.0024
scoring_system epss
scoring_elements 0.46983
published_at 2026-05-12T12:55:00Z
13
value 0.0024
scoring_system epss
scoring_elements 0.47052
published_at 2026-05-14T12:55:00Z
14
value 0.0024
scoring_system epss
scoring_elements 0.46951
published_at 2026-05-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24880
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a
5
reference_url https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb
6
reference_url https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5
7
reference_url https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c
8
reference_url https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522
9
reference_url https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552
10
reference_url https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/
url https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24880
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24880
12
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53
13
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20
14
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
15
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/20
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457040
reference_id 2457040
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457040
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880
reference_id CVE-2026-24880
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880
20
reference_url https://www.herodevs.com/vulnerability-directory/cve-2026-24880
reference_id CVE-2026-24880
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.herodevs.com/vulnerability-directory/cve-2026-24880
21
reference_url https://github.com/advisories/GHSA-563x-q5rq-57qp
reference_id GHSA-563x-q5rq-57qp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-563x-q5rq-57qp
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.116
purl pkg:maven/org.apache.tomcat/tomcat@9.0.116
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116
1
url pkg:maven/org.apache.tomcat/tomcat@10.1.52
purl pkg:maven/org.apache.tomcat/tomcat@10.1.52
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-35xg-a746-5qgc
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-maw6-4qs5-ykae
7
vulnerability VCID-rsxs-u5cc-rkgj
8
vulnerability VCID-yrzk-1dbk-muhy
9
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52
2
url pkg:maven/org.apache.tomcat/tomcat@10.1.53
purl pkg:maven/org.apache.tomcat/tomcat@10.1.53
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53
3
url pkg:maven/org.apache.tomcat/tomcat@11.0.20
purl pkg:maven/org.apache.tomcat/tomcat@11.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20
aliases CVE-2026-24880, GHSA-563x-q5rq-57qp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyed-x6s8-ybhr
6
url VCID-yrzk-1dbk-muhy
vulnerability_id VCID-yrzk-1dbk-muhy
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29146
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08832
published_at 2026-04-13T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08846
published_at 2026-04-12T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08877
published_at 2026-04-11T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.2843
published_at 2026-04-18T12:55:00Z
4
value 0.00104
scoring_system epss
scoring_elements 0.2799
published_at 2026-05-09T12:55:00Z
5
value 0.00104
scoring_system epss
scoring_elements 0.27966
published_at 2026-05-07T12:55:00Z
6
value 0.00104
scoring_system epss
scoring_elements 0.27903
published_at 2026-05-05T12:55:00Z
7
value 0.00104
scoring_system epss
scoring_elements 0.28063
published_at 2026-04-29T12:55:00Z
8
value 0.00104
scoring_system epss
scoring_elements 0.28141
published_at 2026-04-26T12:55:00Z
9
value 0.00104
scoring_system epss
scoring_elements 0.28253
published_at 2026-04-24T12:55:00Z
10
value 0.00104
scoring_system epss
scoring_elements 0.28379
published_at 2026-04-21T12:55:00Z
11
value 0.00104
scoring_system epss
scoring_elements 0.28454
published_at 2026-04-16T12:55:00Z
12
value 0.00117
scoring_system epss
scoring_elements 0.30005
published_at 2026-05-14T12:55:00Z
13
value 0.00117
scoring_system epss
scoring_elements 0.29909
published_at 2026-05-11T12:55:00Z
14
value 0.00117
scoring_system epss
scoring_elements 0.29931
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29146
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1
5
reference_url https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd
6
reference_url https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1
7
reference_url https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c
8
reference_url https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa
9
reference_url https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418
10
reference_url https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:17:02Z/
url https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29146
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29146
12
reference_url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53
13
reference_url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20
14
reference_url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
15
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/24
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/24
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457020
reference_id 2457020
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457020
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146
reference_id CVE-2026-29146
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146
20
reference_url https://www.herodevs.com/vulnerability-directory/cve-2026-29146
reference_id CVE-2026-29146
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.herodevs.com/vulnerability-directory/cve-2026-29146
21
reference_url https://github.com/advisories/GHSA-h468-7pvh-8vr8
reference_id GHSA-h468-7pvh-8vr8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h468-7pvh-8vr8
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.116
purl pkg:maven/org.apache.tomcat/tomcat@9.0.116
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.117
purl pkg:maven/org.apache.tomcat/tomcat@9.0.117
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4b-b29n-xqbf
1
vulnerability VCID-2xj4-ez2z-cqcd
2
vulnerability VCID-95ew-nvd2-4uhu
3
vulnerability VCID-f2y6-wdzk-3ugu
4
vulnerability VCID-jgnm-7wnr-j3cy
5
vulnerability VCID-mm1u-x9eu-s3dr
6
vulnerability VCID-qqtd-9qtt-6kee
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117
2
url pkg:maven/org.apache.tomcat/tomcat@10.1.53
purl pkg:maven/org.apache.tomcat/tomcat@10.1.53
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53
3
url pkg:maven/org.apache.tomcat/tomcat@10.1.54
purl pkg:maven/org.apache.tomcat/tomcat@10.1.54
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4b-b29n-xqbf
1
vulnerability VCID-2xj4-ez2z-cqcd
2
vulnerability VCID-95ew-nvd2-4uhu
3
vulnerability VCID-f2y6-wdzk-3ugu
4
vulnerability VCID-jgnm-7wnr-j3cy
5
vulnerability VCID-mm1u-x9eu-s3dr
6
vulnerability VCID-qqtd-9qtt-6kee
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54
4
url pkg:maven/org.apache.tomcat/tomcat@11.0.19
purl pkg:maven/org.apache.tomcat/tomcat@11.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-maw6-4qs5-ykae
1
vulnerability VCID-rsxs-u5cc-rkgj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.19
5
url pkg:maven/org.apache.tomcat/tomcat@11.0.20
purl pkg:maven/org.apache.tomcat/tomcat@11.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20
6
url pkg:maven/org.apache.tomcat/tomcat@11.0.21
purl pkg:maven/org.apache.tomcat/tomcat@11.0.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4b-b29n-xqbf
1
vulnerability VCID-2xj4-ez2z-cqcd
2
vulnerability VCID-95ew-nvd2-4uhu
3
vulnerability VCID-f2y6-wdzk-3ugu
4
vulnerability VCID-jgnm-7wnr-j3cy
5
vulnerability VCID-mm1u-x9eu-s3dr
6
vulnerability VCID-qqtd-9qtt-6kee
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21
aliases CVE-2026-29146, GHSA-h468-7pvh-8vr8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzk-1dbk-muhy
7
url VCID-zw2q-kna8-mqcm
vulnerability_id VCID-zw2q-kna8-mqcm
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25854
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07234
published_at 2026-04-16T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07524
published_at 2026-05-09T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07455
published_at 2026-05-07T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.09897
published_at 2026-05-14T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.0983
published_at 2026-05-12T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09793
published_at 2026-05-11T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.10373
published_at 2026-05-05T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10375
published_at 2026-04-18T12:55:00Z
8
value 0.00035
scoring_system epss
scoring_elements 0.10425
published_at 2026-04-29T12:55:00Z
9
value 0.00035
scoring_system epss
scoring_elements 0.10485
published_at 2026-04-26T12:55:00Z
10
value 0.00035
scoring_system epss
scoring_elements 0.10487
published_at 2026-04-24T12:55:00Z
11
value 0.00035
scoring_system epss
scoring_elements 0.10503
published_at 2026-04-21T12:55:00Z
12
value 9e-05
scoring_system epss
scoring_elements 0.00829
published_at 2026-04-13T12:55:00Z
13
value 9e-05
scoring_system epss
scoring_elements 0.00834
published_at 2026-04-11T12:55:00Z
14
value 9e-05
scoring_system epss
scoring_elements 0.00828
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25854
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695
5
reference_url https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2
6
reference_url https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0
7
reference_url https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/
url https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25854
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25854
9
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/21
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/21
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
reference_id 1133356
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
reference_id 1133357
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457039
reference_id 2457039
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457039
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854
reference_id CVE-2026-25854
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854
14
reference_url https://github.com/advisories/GHSA-9m3c-qcxr-9x87
reference_id GHSA-9m3c-qcxr-9x87
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9m3c-qcxr-9x87
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@9.0.116
purl pkg:maven/org.apache.tomcat/tomcat@9.0.116
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116
1
url pkg:maven/org.apache.tomcat/tomcat@10.1.53
purl pkg:maven/org.apache.tomcat/tomcat@10.1.53
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53
2
url pkg:maven/org.apache.tomcat/tomcat@11.0.20
purl pkg:maven/org.apache.tomcat/tomcat@11.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-8e1c-rbkg-v7c2
2
vulnerability VCID-abt4-b2cv-eygv
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-yrzk-1dbk-muhy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20
aliases CVE-2026-25854, GHSA-9m3c-qcxr-9x87
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zw2q-kna8-mqcm
Fixing_vulnerabilities
0
url VCID-xgr8-tpv5-q3b2
vulnerability_id VCID-xgr8-tpv5-q3b2
summary The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28709.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28709.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28709
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.59618
published_at 2026-04-04T12:55:00Z
1
value 0.00383
scoring_system epss
scoring_elements 0.59758
published_at 2026-05-14T12:55:00Z
2
value 0.00383
scoring_system epss
scoring_elements 0.59689
published_at 2026-05-12T12:55:00Z
3
value 0.00383
scoring_system epss
scoring_elements 0.59662
published_at 2026-05-11T12:55:00Z
4
value 0.00383
scoring_system epss
scoring_elements 0.59703
published_at 2026-05-09T12:55:00Z
5
value 0.00383
scoring_system epss
scoring_elements 0.59645
published_at 2026-05-07T12:55:00Z
6
value 0.00383
scoring_system epss
scoring_elements 0.59597
published_at 2026-05-05T12:55:00Z
7
value 0.00383
scoring_system epss
scoring_elements 0.5965
published_at 2026-04-26T12:55:00Z
8
value 0.00383
scoring_system epss
scoring_elements 0.59629
published_at 2026-04-24T12:55:00Z
9
value 0.00383
scoring_system epss
scoring_elements 0.5966
published_at 2026-04-21T12:55:00Z
10
value 0.00383
scoring_system epss
scoring_elements 0.59677
published_at 2026-04-18T12:55:00Z
11
value 0.00383
scoring_system epss
scoring_elements 0.59669
published_at 2026-04-16T12:55:00Z
12
value 0.00383
scoring_system epss
scoring_elements 0.59636
published_at 2026-04-29T12:55:00Z
13
value 0.00383
scoring_system epss
scoring_elements 0.59655
published_at 2026-04-12T12:55:00Z
14
value 0.00383
scoring_system epss
scoring_elements 0.59672
published_at 2026-04-11T12:55:00Z
15
value 0.00383
scoring_system epss
scoring_elements 0.59652
published_at 2026-04-09T12:55:00Z
16
value 0.00383
scoring_system epss
scoring_elements 0.59593
published_at 2026-04-02T12:55:00Z
17
value 0.00383
scoring_system epss
scoring_elements 0.59639
published_at 2026-04-08T12:55:00Z
18
value 0.00383
scoring_system epss
scoring_elements 0.59588
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28709
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/5badf94e79e5de206fc0ef3054fd536b1bb787cd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/5badf94e79e5de206fc0ef3054fd536b1bb787cd
5
reference_url https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc
6
reference_url https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
7
reference_url https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861
8
reference_url https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j
9
reference_url https://security.gentoo.org/glsa/202305-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url https://security.gentoo.org/glsa/202305-37
10
reference_url https://security.netapp.com/advisory/ntap-20230616-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230616-0004
11
reference_url https://tomcat.apache.org/security-10.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-10.html
12
reference_url https://tomcat.apache.org/security-11.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-11.html
13
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-8.html
14
reference_url https://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tomcat.apache.org/security-9.html
15
reference_url https://www.debian.org/security/2023/dsa-5521
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url https://www.debian.org/security/2023/dsa-5521
16
reference_url http://www.openwall.com/lists/oss-security/2023/05/22/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url http://www.openwall.com/lists/oss-security/2023/05/22/1
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2210321
reference_id 2210321
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2210321
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28709
reference_id CVE-2023-28709
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28709
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28709
reference_id CVE-2023-28709
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28709
20
reference_url https://github.com/advisories/GHSA-cx6h-86xw-9x34
reference_id GHSA-cx6h-86xw-9x34
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cx6h-86xw-9x34
21
reference_url https://security.netapp.com/advisory/ntap-20230616-0004/
reference_id ntap-20230616-0004
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:15:57Z/
url https://security.netapp.com/advisory/ntap-20230616-0004/
22
reference_url https://access.redhat.com/errata/RHSA-2023:4909
reference_id RHSA-2023:4909
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4909
23
reference_url https://access.redhat.com/errata/RHSA-2023:4910
reference_id RHSA-2023:4910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4910
24
reference_url https://access.redhat.com/errata/RHSA-2023:6570
reference_id RHSA-2023:6570
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6570
25
reference_url https://access.redhat.com/errata/RHSA-2023:7065
reference_id RHSA-2023:7065
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7065
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.88
purl pkg:maven/org.apache.tomcat/tomcat@8.5.88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5732-xnx7-tkfy
1
vulnerability VCID-6kcx-vptm-zbds
2
vulnerability VCID-b3bb-9ajg-sfc9
3
vulnerability VCID-g7bk-891a-uufy
4
vulnerability VCID-gyed-x6s8-ybhr
5
vulnerability VCID-yrzk-1dbk-muhy
6
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.88
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.74
purl pkg:maven/org.apache.tomcat/tomcat@9.0.74
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-5732-xnx7-tkfy
2
vulnerability VCID-6kcx-vptm-zbds
3
vulnerability VCID-b3bb-9ajg-sfc9
4
vulnerability VCID-d1fm-vbd1-n7au
5
vulnerability VCID-gyed-x6s8-ybhr
6
vulnerability VCID-yrzk-1dbk-muhy
7
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.74
2
url pkg:maven/org.apache.tomcat/tomcat@10.1.8
purl pkg:maven/org.apache.tomcat/tomcat@10.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-5732-xnx7-tkfy
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8war-4v58-eub2
4
vulnerability VCID-b3bb-9ajg-sfc9
5
vulnerability VCID-d1fm-vbd1-n7au
6
vulnerability VCID-gyed-x6s8-ybhr
7
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.8
3
url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M5
purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-74tx-sx8a-guhs
2
vulnerability VCID-8war-4v58-eub2
3
vulnerability VCID-d1fm-vbd1-n7au
4
vulnerability VCID-gyed-x6s8-ybhr
5
vulnerability VCID-yrzk-1dbk-muhy
6
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M5
4
url pkg:maven/org.apache.tomcat/tomcat@11.0.1
purl pkg:maven/org.apache.tomcat/tomcat@11.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rmy-13ym-3bgm
1
vulnerability VCID-43j2-w5xt-43g9
2
vulnerability VCID-74tx-sx8a-guhs
3
vulnerability VCID-8e1c-rbkg-v7c2
4
vulnerability VCID-8war-4v58-eub2
5
vulnerability VCID-d1fm-vbd1-n7au
6
vulnerability VCID-gvhy-d4gm-57d3
7
vulnerability VCID-gyed-x6s8-ybhr
8
vulnerability VCID-v8ku-sjc8-wfga
9
vulnerability VCID-yrzk-1dbk-muhy
10
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.1
aliases CVE-2023-28709, GHSA-cx6h-86xw-9x34
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgr8-tpv5-q3b2
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.74