{"url":"http://public2.vulnerablecode.io/api/packages/87055?format=json","purl":"pkg:apache/tomcat@8.0.0-RC1","type":"apache","namespace":"","name":"tomcat","version":"8.0.0-RC1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.0.0-RC10","latest_non_vulnerable_version":"11.0.22","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43976?format=json","vulnerability_id":"VCID-1a1b-3pdg-jbfq","summary":"Integer Overflow or Wraparound in Apache Tomcat\nInteger overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://linux.oracle.com/errata/ELSA-2014-0865.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0075.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0075","reference_id":"","reference_type":"","scores":[{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97731","published_at":"2026-06-07T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.9773","published_at":"2026-06-05T12:55:00Z"},{"value":"0.46749","scoring_system":"epss","scoring_elements":"0.97726","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0075"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/59121","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59121"},{"reference_url":"http://secunia.com/advisories/59616","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59616"},{"reference_url":"http://secunia.com/advisories/59678","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59678"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59835","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59835"},{"reference_url":"http://secunia.com/advisories/59849","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59849"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"http://secunia.com/advisories/60793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60793"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed"},{"reference_url":"https://github.com/apache/tomcat80/commit/d49a03728ac7e3c800b1b0ce0eeccd8a5a21bb91","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/d49a03728ac7e3c800b1b0ce0eeccd8a5a21bb91"},{"reference_url":"https://github.com/apache/tomcat/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b6974571c122f6a1e7ec74a90fa212976fa7b0ed"},{"reference_url":"https://github.com/apache/tomcat/commit/f646a5acd5e32d6f5a2d9bf1d94ca66b65477675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f646a5acd5e32d6f5a2d9bf1d94ca66b65477675"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578337","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578337"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578341","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578341"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1579262","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1579262"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578337","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578337"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578341","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578341"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1579262","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1579262"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.novell.com/support/kb/doc.php?id=7010166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/support/kb/doc.php?id=7010166"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67671","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67671"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1072776","reference_id":"1072776","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1072776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075","reference_id":"CVE-2014-0075","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0075","reference_id":"CVE-2014-0075","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0075"},{"reference_url":"https://github.com/advisories/GHSA-475f-74wp-pqv5","reference_id":"GHSA-475f-74wp-pqv5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-475f-74wp-pqv5"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0827","reference_id":"RHSA-2014:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0833","reference_id":"RHSA-2014:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0834","reference_id":"RHSA-2014:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0835","reference_id":"RHSA-2014:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0836","reference_id":"RHSA-2014:0836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0865","reference_id":"RHSA-2014:0865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1149","reference_id":"RHSA-2014:1149","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2302-1/","reference_id":"USN-2302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87066?format=json","purl":"pkg:apache/tomcat@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xjj5-fy4e-e7ha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.5"}],"aliases":["CVE-2014-0075","GHSA-475f-74wp-pqv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1a1b-3pdg-jbfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43822?format=json","vulnerability_id":"VCID-2kjh-4r2g-rqe6","summary":"Improper Access Control\nThe Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.","references":[{"reference_url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1621.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1621.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0492.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0492.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7810.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7810","reference_id":"","reference_type":"","scores":[{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92981","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92984","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92988","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.92991","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7810"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1644018","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1644018"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1644019","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1644019"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1645366","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1645366"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1645642","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1645642"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1645644","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1645644"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659538","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659538"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1644018","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1644018"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1645642","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1645642"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.debian.org/security/2015/dsa-3428","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3428"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2655-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2655-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222573","reference_id":"1222573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810","reference_id":"CVE-2014-7810","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7810","reference_id":"CVE-2014-7810","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7810"},{"reference_url":"https://github.com/advisories/GHSA-4c43-cwvx-9crh","reference_id":"GHSA-4c43-cwvx-9crh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4c43-cwvx-9crh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1621","reference_id":"RHSA-2015:1621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1622","reference_id":"RHSA-2015:1622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0492","reference_id":"RHSA-2016:0492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0492"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"},{"reference_url":"https://usn.ubuntu.com/2655-1/","reference_id":"USN-2655-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2655-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87060?format=json","purl":"pkg:apache/tomcat@8.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.17"}],"aliases":["CVE-2014-7810","GHSA-4c43-cwvx-9crh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2kjh-4r2g-rqe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37655?format=json","vulnerability_id":"VCID-3txt-1psa-5kf5","summary":"Denial of service\n`MultipartStream.java` in this package allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted `Content-Type` header that bypasses a loop's intended exit conditions.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0110.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0110.html"},{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017"},{"reference_url":"http://jvn.jp/en/jp/JVN14876762/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN14876762/index.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=143136844732487&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=143136844732487&w=2"},{"reference_url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0252.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0252.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0253.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0253.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0400.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0400.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0050.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0050","reference_id":"","reference_type":"","scores":[{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99764","published_at":"2026-06-07T12:55:00Z"},{"value":"0.92712","scoring_system":"epss","scoring_elements":"0.99763","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1062337","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1062337"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/57915","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57915"},{"reference_url":"http://secunia.com/advisories/58075","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/58075"},{"reference_url":"http://secunia.com/advisories/58976","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/58976"},{"reference_url":"http://secunia.com/advisories/59039","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59039"},{"reference_url":"http://secunia.com/advisories/59041","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59041"},{"reference_url":"http://secunia.com/advisories/59183","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59183"},{"reference_url":"http://secunia.com/advisories/59184","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59184"},{"reference_url":"http://secunia.com/advisories/59185","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59185"},{"reference_url":"http://secunia.com/advisories/59187","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59187"},{"reference_url":"http://secunia.com/advisories/59232","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59232"},{"reference_url":"http://secunia.com/advisories/59399","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59399"},{"reference_url":"http://secunia.com/advisories/59492","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59492"},{"reference_url":"http://secunia.com/advisories/59500","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59500"},{"reference_url":"http://secunia.com/advisories/59725","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59725"},{"reference_url":"http://secunia.com/advisories/60475","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60475"},{"reference_url":"http://secunia.com/advisories/60753","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60753"},{"reference_url":"https://github.com/apache/commons-fileupload","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload"},{"reference_url":"https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload/commit/c61ff05b3241cb14d989b67209e57aa71540417a"},{"reference_url":"https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/29384723d8d9645b87e05be9fa369a4deeb78b9c"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1565143","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1565143"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1565163","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1565163"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1565169","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1565169"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1565163","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1565163"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1565169","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1565169"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"http://struts.apache.org/docs/s2-020.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-020.html"},{"reference_url":"http://svn.apache.org/r1565143","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/r1565143"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1565143","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1565143"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21669554","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21669554"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675432","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675432"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676091","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676091"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676092","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676092"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676401","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676401"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676403","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676403"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676405","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676405"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676410","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676410"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676656","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676656"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676853","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676853"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677691","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677691"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677724","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677724"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681214","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681214"},{"reference_url":"http://www.debian.org/security/2014/dsa-2856","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2856"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"},{"reference_url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"},{"reference_url":"http://www.securityfocus.com/archive/1/532549/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/532549/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/65400","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/65400"},{"reference_url":"http://www.ubuntu.com/usn/USN-2130-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2130-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050","reference_id":"CVE-2014-0050","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0050","reference_id":"CVE-2014-0050","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0050"},{"reference_url":"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html","reference_id":"CVE-2014-0050-EXPLOIT-WITH-BOUNDARIES-LOOPS-WITHOUT-BOUNDARIES.HTML","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31615.rb","reference_id":"CVE-2014-0050;OSVDB-102945","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/31615.rb"},{"reference_url":"https://github.com/advisories/GHSA-xx68-jfcg-xmmf","reference_id":"GHSA-xx68-jfcg-xmmf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx68-jfcg-xmmf"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0252","reference_id":"RHSA-2014:0252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0253","reference_id":"RHSA-2014:0253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0373","reference_id":"RHSA-2014:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0400","reference_id":"RHSA-2014:0400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0401","reference_id":"RHSA-2014:0401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0429","reference_id":"RHSA-2014:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0452","reference_id":"RHSA-2014:0452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0459","reference_id":"RHSA-2014:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0473","reference_id":"RHSA-2014:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0525","reference_id":"RHSA-2014:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0526","reference_id":"RHSA-2014:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0527","reference_id":"RHSA-2014:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0528","reference_id":"RHSA-2014:0528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2130-1/","reference_id":"USN-2130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87068?format=json","purl":"pkg:apache/tomcat@8.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1b-3pdg-jbfq"},{"vulnerability":"VCID-937w-2w2q-7fdy"},{"vulnerability":"VCID-nnye-4xbb-kuf5"},{"vulnerability":"VCID-xvz4-nm7g-2fee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.3"}],"aliases":["CVE-2014-0050","GHSA-xx68-jfcg-xmmf"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3txt-1psa-5kf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43804?format=json","vulnerability_id":"VCID-4qcn-52ug-mbd5","summary":"Improper Input Validation\nApache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0148.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0148.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4322.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4322","reference_id":"","reference_type":"","scores":[{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97223","published_at":"2026-06-04T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97229","published_at":"2026-06-06T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.9723","published_at":"2026-06-07T12:55:00Z"},{"value":"0.36664","scoring_system":"epss","scoring_elements":"0.97227","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4322"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069905","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069905"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59036"},{"reference_url":"http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59675"},{"reference_url":"http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59722"},{"reference_url":"http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59724"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59873"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd"},{"reference_url":"https://github.com/apache/tomcat70/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4"},{"reference_url":"https://github.com/apache/tomcat/commit/70dc3b279f7c99136c2c51bce8812508b4893c8b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/70dc3b279f7c99136c2c51bce8812508b4893c8b"},{"reference_url":"https://github.com/apache/tomcat/commit/72613a0e2f88af789c2acc7093c82ff02b95b6d1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/72613a0e2f88af789c2acc7093c82ff02b95b6d1"},{"reference_url":"https://github.com/apache/tomcat/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a91516b80deaf1d0c6e04a7931765fdac34c4ccd"},{"reference_url":"https://github.com/apache/tomcat/commit/b8cb9f5f91e9210ca107fd80f3e6acd47531daa7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b8cb9f5f91e9210ca107fd80f3e6acd47531daa7"},{"reference_url":"https://github.com/apache/tomcat/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/bed3a1a0d06a3c787183c6e90f326bbe17e49dd4"},{"reference_url":"https://github.com/apache/tomcat/commit/d6a9898125f34e593de426e8c7dabb0f224fc00f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d6a9898125f34e593de426e8c7dabb0f224fc00f"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2014-0686.html"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521834","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521834"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1521864","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1521864"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549522","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549522"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549523","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549523"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1556540","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1556540"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521834","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521834"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1521864","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1521864"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549522","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549522"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549523","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549523"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1556540","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1556540"},{"reference_url":"https://web.archive.org/web/20140315211337/http://www.securityfocus.com/bid/65767","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140315211337/http://www.securityfocus.com/bid/65767"},{"reference_url":"https://web.archive.org/web/20150503090027/http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150503090027/http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20151023203543/http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151023203543/http://secunia.com/advisories/59873"},{"reference_url":"https://web.archive.org/web/20161024215620/http://secunia.com/advisories/59036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215620/http://secunia.com/advisories/59036"},{"reference_url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215639/http://secunia.com/advisories/59722"},{"reference_url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024215804/http://secunia.com/advisories/59675"},{"reference_url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161024220018/http://secunia.com/advisories/59724"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/65767","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/65767"},{"reference_url":"http://www.ubuntu.com/usn/USN-2130-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2130-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322","reference_id":"CVE-2013-4322","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4322","reference_id":"CVE-2013-4322","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4322"},{"reference_url":"https://github.com/advisories/GHSA-wq2p-q66w-q8gp","reference_id":"GHSA-wq2p-q66w-q8gp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq2p-q66w-q8gp"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0429","reference_id":"RHSA-2014:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0525","reference_id":"RHSA-2014:0525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0526","reference_id":"RHSA-2014:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0527","reference_id":"RHSA-2014:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0528","reference_id":"RHSA-2014:0528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0686","reference_id":"RHSA-2014:0686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0686"},{"reference_url":"https://usn.ubuntu.com/2130-1/","reference_id":"USN-2130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87073?format=json","purl":"pkg:apache/tomcat@8.0.0-RC10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC10"}],"aliases":["CVE-2013-4322","GHSA-wq2p-q66w-q8gp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qcn-52ug-mbd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43845?format=json","vulnerability_id":"VCID-6uuq-2a39-yubx","summary":"Uncontrolled Resource Consumption in Apache Tomcat\nApache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2"},{"reference_url":"http://openwall.com/lists/oss-security/2015/04/10/1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2015/04/10/1"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1622.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0595.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0595.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0596.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0596.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0597.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0597.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0598.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0598.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2659","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2660","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2660"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0230.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0230","reference_id":"","reference_type":"","scores":[{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87059","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87064","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87044","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03099","scoring_system":"epss","scoring_elements":"0.87067","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0230"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1"},{"reference_url":"https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba"},{"reference_url":"https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51"},{"reference_url":"https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1"},{"reference_url":"https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb"},{"reference_url":"https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5"},{"reference_url":"https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303"},{"reference_url":"https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16"},{"reference_url":"https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"},{"reference_url":"https://issues.jboss.org/browse/JWS-219","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/JWS-219"},{"reference_url":"https://issues.jboss.org/browse/JWS-220","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/JWS-220"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603770","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603770"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603775","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603775"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603779","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603779"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603781","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603781"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603811","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603811"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1609175","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1609175"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1609176","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1609176"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659294","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659294"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659295","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659295"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1659537","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1659537"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1603770","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1603770"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1603775","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1603775"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1603779","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1603779"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2655-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2655-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191200","reference_id":"1191200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230","reference_id":"CVE-2014-0230","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0230","reference_id":"CVE-2014-0230","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0230"},{"reference_url":"https://github.com/advisories/GHSA-pxcx-cxq8-4mmw","reference_id":"GHSA-pxcx-cxq8-4mmw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pxcx-cxq8-4mmw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1621","reference_id":"RHSA-2015:1621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1622","reference_id":"RHSA-2015:1622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2661","reference_id":"RHSA-2015:2661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0595","reference_id":"RHSA-2016:0595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0596","reference_id":"RHSA-2016:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0597","reference_id":"RHSA-2016:0597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0598","reference_id":"RHSA-2016:0598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0599","reference_id":"RHSA-2016:0599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2599","reference_id":"RHSA-2016:2599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2599"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"},{"reference_url":"https://usn.ubuntu.com/2655-1/","reference_id":"USN-2655-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2655-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87064?format=json","purl":"pkg:apache/tomcat@8.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.9"}],"aliases":["CVE-2014-0230","GHSA-pxcx-cxq8-4mmw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6uuq-2a39-yubx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43871?format=json","vulnerability_id":"VCID-937w-2w2q-7fdy","summary":"Improper Input Validation in Apache Tomcat\njava/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://linux.oracle.com/errata/ELSA-2014-0865.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0096.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0096.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0096","reference_id":"","reference_type":"","scores":[{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90676","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90673","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90675","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05795","scoring_system":"epss","scoring_elements":"0.90662","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0096"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/135","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/135"},{"reference_url":"http://secunia.com/advisories/59121","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59121"},{"reference_url":"http://secunia.com/advisories/59616","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59616"},{"reference_url":"http://secunia.com/advisories/59678","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59678"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59835","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59835"},{"reference_url":"http://secunia.com/advisories/59849","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59849"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b"},{"reference_url":"https://github.com/apache/tomcat70/commit/5c545da226b3c71ed9603c38ad2de88057778c1b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/5c545da226b3c71ed9603c38ad2de88057778c1b"},{"reference_url":"https://github.com/apache/tomcat80/commit/65ed69d96a101dfa99eea2cfe17e9e87b310084c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/65ed69d96a101dfa99eea2cfe17e9e87b310084c"},{"reference_url":"https://github.com/apache/tomcat80/commit/f3f2979df693a9c84c6742fcb162f3671b0a50d3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/f3f2979df693a9c84c6742fcb162f3671b0a50d3"},{"reference_url":"https://github.com/apache/tomcat/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3c53c4da7bcf300f519eaed5ad1751d24dd59f6b"},{"reference_url":"https://github.com/apache/tomcat/commit/5c545da226b3c71ed9603c38ad2de88057778c1b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5c545da226b3c71ed9603c38ad2de88057778c1b"},{"reference_url":"https://github.com/apache/tomcat/commit/913d94b289e056107e521dbab8e79cc72a62a331","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/913d94b289e056107e521dbab8e79cc72a62a331"},{"reference_url":"https://github.com/apache/tomcat/commit/970c23bfd24dfa1dcb86ed917e6c8b47dcfb4433","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/970c23bfd24dfa1dcb86ed917e6c8b47dcfb4433"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578610","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578610"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578611","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578611"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578637","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578637"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578655","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578655"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1585853","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1585853"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578610","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578610"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578611","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578611"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578637","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578637"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578655","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578655"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1585853","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1585853"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.novell.com/support/kb/doc.php?id=7010166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/support/kb/doc.php?id=7010166"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67667","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67667"},{"reference_url":"http://www.securitytracker.com/id/1030301","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030301"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088342","reference_id":"1088342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1088342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096","reference_id":"CVE-2014-0096","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0096","reference_id":"CVE-2014-0096","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0096"},{"reference_url":"https://github.com/advisories/GHSA-qprx-q2r7-3rx6","reference_id":"GHSA-qprx-q2r7-3rx6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qprx-q2r7-3rx6"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0827","reference_id":"RHSA-2014:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0833","reference_id":"RHSA-2014:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0834","reference_id":"RHSA-2014:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0835","reference_id":"RHSA-2014:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0836","reference_id":"RHSA-2014:0836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0865","reference_id":"RHSA-2014:0865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2302-1/","reference_id":"USN-2302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87066?format=json","purl":"pkg:apache/tomcat@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xjj5-fy4e-e7ha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.5"}],"aliases":["CVE-2014-0096","GHSA-qprx-q2r7-3rx6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-937w-2w2q-7fdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43803?format=json","vulnerability_id":"VCID-nnye-4xbb-kuf5","summary":"Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat\nInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://linux.oracle.com/errata/ELSA-2014-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://linux.oracle.com/errata/ELSA-2014-0865.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141390017113542&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0099.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0099.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0099","reference_id":"","reference_type":"","scores":[{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97295","published_at":"2026-06-05T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97291","published_at":"2026-06-04T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97298","published_at":"2026-06-07T12:55:00Z"},{"value":"0.37857","scoring_system":"epss","scoring_elements":"0.97296","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0099"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/138","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/138"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/140","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/140"},{"reference_url":"http://secunia.com/advisories/59121","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59121"},{"reference_url":"http://secunia.com/advisories/59678","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59678"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59835","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59835"},{"reference_url":"http://secunia.com/advisories/59849","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59849"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"http://secunia.com/advisories/60793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60793"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/184cdc0d3f03f5737e12d21fff246d7285034597","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/184cdc0d3f03f5737e12d21fff246d7285034597"},{"reference_url":"https://github.com/apache/tomcat80/commit/990de53ab923c126f7402090a4ca53df4bb80cbd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/990de53ab923c126f7402090a4ca53df4bb80cbd"},{"reference_url":"https://github.com/apache/tomcat/commit/184cdc0d3f03f5737e12d21fff246d7285034597","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/184cdc0d3f03f5737e12d21fff246d7285034597"},{"reference_url":"https://github.com/apache/tomcat/commit/fffd63a3bd3a5475379b7c074820a5463b7663b3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fffd63a3bd3a5475379b7c074820a5463b7663b3"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578812","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578812"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1578814","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1578814"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1580473","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1580473"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578812","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578812"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1578814","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1578814"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1580473","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1580473"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21680603"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.securityfocus.com/archive/1/532218/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/532218/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/532221/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/532221/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67668","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67668"},{"reference_url":"http://www.securitytracker.com/id/1030302","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030302"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102030","reference_id":"1102030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099","reference_id":"CVE-2014-0099","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0099","reference_id":"CVE-2014-0099","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0099"},{"reference_url":"https://github.com/advisories/GHSA-xh5x-j8jf-pcpx","reference_id":"GHSA-xh5x-j8jf-pcpx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh5x-j8jf-pcpx"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0827","reference_id":"RHSA-2014:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0833","reference_id":"RHSA-2014:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0834","reference_id":"RHSA-2014:0834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0835","reference_id":"RHSA-2014:0835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0836","reference_id":"RHSA-2014:0836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0865","reference_id":"RHSA-2014:0865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1149","reference_id":"RHSA-2014:1149","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2302-1/","reference_id":"USN-2302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87066?format=json","purl":"pkg:apache/tomcat@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xjj5-fy4e-e7ha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.5"}],"aliases":["CVE-2014-0099","GHSA-xh5x-j8jf-pcpx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnye-4xbb-kuf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43810?format=json","vulnerability_id":"VCID-pq53-6deg-abfx","summary":"Improper Input Validation in Apache Tomcat\njava/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2015-0081.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2015-0081.html"},{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=143393515412274&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=143393515412274&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143403519711434&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=143403519711434&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0983.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0983.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0991.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0991.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0227.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0227","reference_id":"","reference_type":"","scores":[{"value":"0.78235","scoring_system":"epss","scoring_elements":"0.99041","published_at":"2026-06-04T12:55:00Z"},{"value":"0.78235","scoring_system":"epss","scoring_elements":"0.99043","published_at":"2026-06-06T12:55:00Z"},{"value":"0.78235","scoring_system":"epss","scoring_elements":"0.99042","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0227"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1109196","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1109196"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/6b23790bf7dc4233affaacec57e06cff6b6c6fd3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/6b23790bf7dc4233affaacec57e06cff6b6c6fd3"},{"reference_url":"https://github.com/apache/tomcat/commit/593a2447e6ebe465585cfa07e93b5635dffa1c70","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/593a2447e6ebe465585cfa07e93b5635dffa1c70"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://source.jboss.org/changelog/JBossWeb?cs=2455","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://source.jboss.org/changelog/JBossWeb?cs=2455"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1600984","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1600984"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1601329","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1601329"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1601330","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1601330"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1601332","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1601332"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1601333","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1601333"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1603628","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1603628"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1600984","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1600984"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3447"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2655-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2655-1"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227","reference_id":"CVE-2014-0227","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0227","reference_id":"CVE-2014-0227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0227"},{"reference_url":"https://github.com/advisories/GHSA-42j3-498q-m6vp","reference_id":"GHSA-42j3-498q-m6vp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-42j3-498q-m6vp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1019","reference_id":"RHSA-2014:1019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1020","reference_id":"RHSA-2014:1020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1021","reference_id":"RHSA-2014:1021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1086","reference_id":"RHSA-2014:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1087","reference_id":"RHSA-2014:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1088","reference_id":"RHSA-2014:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1904","reference_id":"RHSA-2014:1904","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0091","reference_id":"RHSA-2015:0091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0983","reference_id":"RHSA-2015:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0991","reference_id":"RHSA-2015:0991","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0991"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"},{"reference_url":"https://usn.ubuntu.com/2655-1/","reference_id":"USN-2655-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2655-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87064?format=json","purl":"pkg:apache/tomcat@8.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.9"}],"aliases":["CVE-2014-0227","GHSA-42j3-498q-m6vp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq53-6deg-abfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44027?format=json","vulnerability_id":"VCID-sk1w-8yt4-93cv","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nApache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain \"Tomcat internals\" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0148.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0148.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4590","reference_id":"","reference_type":"","scores":[{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76391","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76401","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76399","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76372","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4590"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069911","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1069911"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/b9e06ead01984483af73f48e7861bc7897f5e84f"},{"reference_url":"https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/05c84ff8304a69a30b251f207a7b93c2c882564d"},{"reference_url":"https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/78dd7e6f3d8481bc3bcd71ca5b20296de1283888"},{"reference_url":"https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b9e06ead01984483af73f48e7861bc7897f5e84f"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549528","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549528"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1549529","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1549529"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1558828","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1558828"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549528"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1549529","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1549529"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1558828","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1558828"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21667883"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675886"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677147"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590","reference_id":"CVE-2013-4590","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4590","reference_id":"CVE-2013-4590","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4590"},{"reference_url":"https://github.com/advisories/GHSA-87w9-x2c3-hrjj","reference_id":"GHSA-87w9-x2c3-hrjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87w9-x2c3-hrjj"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1038","reference_id":"RHSA-2014:1038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1086","reference_id":"RHSA-2014:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1087","reference_id":"RHSA-2014:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1088","reference_id":"RHSA-2014:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1088"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87073?format=json","purl":"pkg:apache/tomcat@8.0.0-RC10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC10"}],"aliases":["CVE-2013-4590","GHSA-87w9-x2c3-hrjj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sk1w-8yt4-93cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43811?format=json","vulnerability_id":"VCID-xjj5-fy4e-e7ha","summary":"Missing XML Validation in Apache Tomcat\nApache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0268.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0268.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=141017844705317&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=144498216801440&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0119.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0119.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0119","reference_id":"","reference_type":"","scores":[{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.89123","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.89139","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.8914","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0119"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Dec/23"},{"reference_url":"http://seclists.org/fulldisclosure/2014/May/141","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/May/141"},{"reference_url":"http://secunia.com/advisories/59732","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59732"},{"reference_url":"http://secunia.com/advisories/59873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59873"},{"reference_url":"http://secunia.com/advisories/60729","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f"},{"reference_url":"https://github.com/apache/tomcat70/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81"},{"reference_url":"https://github.com/apache/tomcat70/commit/934f884f330dad192d2c5dc950e28f4cd281461b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/934f884f330dad192d2c5dc950e28f4cd281461b"},{"reference_url":"https://github.com/apache/tomcat70/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834"},{"reference_url":"https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d"},{"reference_url":"https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447"},{"reference_url":"https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f"},{"reference_url":"https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27"},{"reference_url":"https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802"},{"reference_url":"https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04"},{"reference_url":"https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441"},{"reference_url":"https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f"},{"reference_url":"https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d"},{"reference_url":"https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c"},{"reference_url":"https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af"},{"reference_url":"https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81"},{"reference_url":"https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1"},{"reference_url":"https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b"},{"reference_url":"https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5"},{"reference_url":"https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481"},{"reference_url":"https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2"},{"reference_url":"https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1588193","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1588193"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1588199","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1588199"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589640","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589640"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589837","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589837"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589980","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589980"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589983","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589983"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589985","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589985"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589990","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589990"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589992","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589992"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1589997","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1589997"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1590028","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1590028"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1590036","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1590036"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1593815","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1593815"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1593821","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1593821"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1588193","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1588193"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1588199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1588199"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589640","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589640"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589837","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589837"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589980","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589980"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589983","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589983"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589985","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589985"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589990","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589990"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589992","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589992"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1589997","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1589997"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1590028","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1590028"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1590036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1590036"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1593815","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1593815"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1593821","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1593821"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21678231"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681528"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/67669","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/67669"},{"reference_url":"http://www.securitytracker.com/id/1030298","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1030298"},{"reference_url":"http://www.ubuntu.com/usn/USN-2654-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2654-1"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102038","reference_id":"1102038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1102038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119","reference_id":"CVE-2014-0119","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0119","reference_id":"CVE-2014-0119","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0119"},{"reference_url":"https://github.com/advisories/GHSA-prc3-7f44-w48j","reference_id":"GHSA-prc3-7f44-w48j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prc3-7f44-w48j"},{"reference_url":"https://security.gentoo.org/glsa/201412-29","reference_id":"GLSA-201412-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0842","reference_id":"RHSA-2014:0842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0843","reference_id":"RHSA-2014:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1034","reference_id":"RHSA-2014:1034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1038","reference_id":"RHSA-2014:1038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1086","reference_id":"RHSA-2014:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1087","reference_id":"RHSA-2014:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1088","reference_id":"RHSA-2014:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0234","reference_id":"RHSA-2015:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0235","reference_id":"RHSA-2015:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://usn.ubuntu.com/2654-1/","reference_id":"USN-2654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2654-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87063?format=json","purl":"pkg:apache/tomcat@8.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6uuq-2a39-yubx"},{"vulnerability":"VCID-pq53-6deg-abfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.8"}],"aliases":["CVE-2014-0119","GHSA-prc3-7f44-w48j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjj5-fy4e-e7ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43826?format=json","vulnerability_id":"VCID-zrc5-bf77-aygn","summary":"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat\nDirectory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2"},{"reference_url":"http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1435.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1435.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2045.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2045.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1432","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1433","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1434","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1434"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5174.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5174.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5174","reference_id":"","reference_type":"","scores":[{"value":"0.04801","scoring_system":"epss","scoring_elements":"0.89692","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04801","scoring_system":"epss","scoring_elements":"0.89693","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04801","scoring_system":"epss","scoring_elements":"0.89674","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04801","scoring_system":"epss","scoring_elements":"0.89691","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5174"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092"},{"reference_url":"http://seclists.org/bugtraq/2016/Feb/149","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/bugtraq/2016/Feb/149"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat70/commit/5ea5171b735ab0c636850e23e154fc957b0ab39d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/5ea5171b735ab0c636850e23e154fc957b0ab39d"},{"reference_url":"https://github.com/apache/tomcat70/commit/e1bbd13d393229e4e3724cb8a86b18a969e90fb2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/e1bbd13d393229e4e3724cb8a86b18a969e90fb2"},{"reference_url":"https://github.com/apache/tomcat80/commit/2fc9d03ffbc3fe7eabfd272380807ac0ddcf748d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat80/commit/2fc9d03ffbc3fe7eabfd272380807ac0ddcf748d"},{"reference_url":"https://github.com/apache/tomcat80/commit/50f0179c78721e7fc60f679d8af9b8889ab1f106","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat80/commit/50f0179c78721e7fc60f679d8af9b8889ab1f106"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"},{"reference_url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201705-09","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201705-09"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180531-0001"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1696281","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1696281"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1696284","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1696284"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1700897","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1700897"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1700898","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1700898"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1700900","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1700900"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1696281","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1696281"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1696284","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1696284"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1700897","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1700897"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1700898","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1700898"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1700900","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1700900"},{"reference_url":"http://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html"},{"reference_url":"http://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html"},{"reference_url":"http://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.debian.org/security/2016/dsa-3609","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3609"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-3024-1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-3024-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265698","reference_id":"1265698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174","reference_id":"CVE-2015-5174","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5174","reference_id":"CVE-2015-5174","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5174"},{"reference_url":"https://github.com/advisories/GHSA-6qr6-x7jm-x2q6","reference_id":"GHSA-6qr6-x7jm-x2q6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qr6-x7jm-x2q6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2661","reference_id":"RHSA-2015:2661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1435","reference_id":"RHSA-2016:1435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2599","reference_id":"RHSA-2016:2599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2599"},{"reference_url":"https://usn.ubuntu.com/3024-1/","reference_id":"USN-3024-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3024-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87057?format=json","purl":"pkg:apache/tomcat@8.0.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.27"}],"aliases":["CVE-2015-5174","GHSA-6qr6-x7jm-x2q6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrc5-bf77-aygn"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.0.0-RC1"}