{"url":"http://public2.vulnerablecode.io/api/packages/960?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.5","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"7.0.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.0.7","latest_non_vulnerable_version":"11.0.22","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30475?format=json","vulnerability_id":"VCID-dt1c-w14g-2fbd","summary":"","references":[{"reference_url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=130168502603566&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=130168502603566&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=132215163318824&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=136485229118404&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0791","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:0791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0896","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0897","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1845","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:1845"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0013.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0013","reference_id":"","reference_type":"","scores":[{"value":"0.25792","scoring_system":"epss","scoring_elements":"0.96379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675786","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675786"},{"reference_url":"http://securityreason.com/securityalert/8093","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8093"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/863d77c7d321245de019ac32252828e0a025c5b4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat55/commit/863d77c7d321245de019ac32252828e0a025c5b4"},{"reference_url":"https://github.com/apache/tomcat/commit/58223c5ecc0751c3642c810f291b8f033d33b97f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/58223c5ecc0751c3642c810f291b8f033d33b97f"},{"reference_url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1057270","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1057270"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1057279","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1057279"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1057518","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1057518"},{"reference_url":"http://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5002"},{"reference_url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"},{"reference_url":"https://web.archive.org/web/20111227000129/http://secunia.com/advisories/45022","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111227000129/http://secunia.com/advisories/45022"},{"reference_url":"https://web.archive.org/web/20111229163935/http://secunia.com/advisories/43192","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111229163935/http://secunia.com/advisories/43192"},{"reference_url":"https://web.archive.org/web/20120126065143/http://www.securityfocus.com/archive/1/516209/30/90/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120126065143/http://www.securityfocus.com/archive/1/516209/30/90/threaded"},{"reference_url":"https://web.archive.org/web/20120126070320/http://www.securitytracker.com/id?1025026","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120126070320/http://www.securitytracker.com/id?1025026"},{"reference_url":"https://web.archive.org/web/20120213130147/http://www.securityfocus.com/bid/46174","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120213130147/http://www.securityfocus.com/bid/46174"},{"reference_url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126"},{"reference_url":"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32"},{"reference_url":"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30"},{"reference_url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29"},{"reference_url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011)","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011)"},{"reference_url":"http://www.debian.org/security/2011/dsa-2160","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2160"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:030","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0791.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0791.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-1845.html"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2011-0013","reference_id":"CVE-2011-0013","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2011-0013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013","reference_id":"CVE-2011-0013","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0013","reference_id":"CVE-2011-0013","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0013"},{"reference_url":"https://github.com/advisories/GHSA-3p86-xgrq-m6p6","reference_id":"GHSA-3p86-xgrq-m6p6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p86-xgrq-m6p6"},{"reference_url":"https://security.gentoo.org/glsa/201206-24","reference_id":"GLSA-201206-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-24"},{"reference_url":"https://usn.ubuntu.com/1097-1/","reference_id":"USN-1097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1097-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1020?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f6dc-5wps-z3ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.6"}],"aliases":["CVE-2011-0013","GHSA-3p86-xgrq-m6p6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dt1c-w14g-2fbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/457?format=json","vulnerability_id":"VCID-mdsb-pema-d3ds","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"},{"reference_url":"http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2046.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5346.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5346.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5346","reference_id":"","reference_type":"","scores":[{"value":"0.36595","scoring_system":"epss","scoring_elements":"0.97237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5346"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa118","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bto.bluecoat.com/security-advisory/sa118"},{"reference_url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=58809","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=58809"},{"reference_url":"http://seclists.org/bugtraq/2016/Feb/143","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/bugtraq/2016/Feb/143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat70/commit/6287be37d8d06c320215c45f7e2b8380411692e0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat70/commit/6287be37d8d06c320215c45f7e2b8380411692e0"},{"reference_url":"https://github.com/apache/tomcat80/commit/41fbee7ba15435a831f765597ff907c56ebf2169","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/41fbee7ba15435a831f765597ff907c56ebf2169"},{"reference_url":"https://github.com/apache/tomcat80/commit/c39b7ffc2145644f7f3cf9e3cd4aada5048e56a0","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat80/commit/c39b7ffc2145644f7f3cf9e3cd4aada5048e56a0"},{"reference_url":"https://github.com/apache/tomcat/commit/04164c1f01b973e548d95511d417f414ca723cb8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/04164c1f01b973e548d95511d417f414ca723cb8"},{"reference_url":"https://github.com/apache/tomcat/commit/6287be37d8d06c320215c45f7e2b8380411692e0","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6287be37d8d06c320215c45f7e2b8380411692e0"},{"reference_url":"https://github.com/apache/tomcat/commit/83679b99cd40caa401d173c8f8e72fc98eb5d5be","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/83679b99cd40caa401d173c8f8e72fc98eb5d5be"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"},{"reference_url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5346","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5346"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180531-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180531-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180531-0001/"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1713184","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1713184"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1713185","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1713185"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1713187","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1713187"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1723414","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1723414"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=1723506","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=1723506"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1713184","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1713184"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1713185","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1713185"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1713187","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1713187"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1723414","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1723414"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1723506","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1723506"},{"reference_url":"https://web.archive.org/web/20160321234551/http://www.securitytracker.com/id/1035069","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160321234551/http://www.securitytracker.com/id/1035069"},{"reference_url":"https://web.archive.org/web/20160912063818/http://www.securityfocus.com/bid/83323","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160912063818/http://www.securityfocus.com/bid/83323"},{"reference_url":"http://www.debian.org/security/2016/dsa-3530","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3530"},{"reference_url":"http://www.debian.org/security/2016/dsa-3552","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3552"},{"reference_url":"http://www.debian.org/security/2016/dsa-3609","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3609"},{"reference_url":"http://www.ubuntu.com/usn/USN-3024-1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-3024-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311085","reference_id":"1311085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346","reference_id":"CVE-2015-5346","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346"},{"reference_url":"https://github.com/advisories/GHSA-jrcp-c39h-r29x","reference_id":"GHSA-jrcp-c39h-r29x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jrcp-c39h-r29x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1087","reference_id":"RHSA-2016:1087","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1088","reference_id":"RHSA-2016:1088","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1089","reference_id":"RHSA-2016:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2807","reference_id":"RHSA-2016:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2808","reference_id":"RHSA-2016:2808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2808"},{"reference_url":"https://usn.ubuntu.com/3024-1/","reference_id":"USN-3024-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3024-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385752?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.66","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.66"},{"url":"http://public2.vulnerablecode.io/api/packages/954?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.67","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-4c8y-tn9d-v3d5"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-65td-2enz-63hf"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6tzd-v653-9bdq"},{"vulnerability":"VCID-824z-m36f-87ea"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9gs9-4vzf-uqbu"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-d1px-uadx-vqdx"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-evws-hrsq-ybfw"},{"vulnerability":"VCID-ftu2-phtp-bqad"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-k11z-qhvd-9ugj"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-q1pv-h34q-7ufy"},{"vulnerability":"VCID-qvgx-r4rr-xugp"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-rfbc-9e8h-gfhr"},{"vulnerability":"VCID-rwqs-mabh-17c9"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-s4fd-atmc-qkcz"},{"vulnerability":"VCID-swxs-3ua6-3yfn"},{"vulnerability":"VCID-t7xw-r7rz-u3g5"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-vfh6-rc99-e3bf"},{"vulnerability":"VCID-vz4c-rt19-pbaf"},{"vulnerability":"VCID-wu55-n9ff-sbbf"},{"vulnerability":"VCID-x57v-g2md-7bbq"},{"vulnerability":"VCID-xjen-b9ss-33by"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yqd8-3j9e-cken"},{"vulnerability":"VCID-znw1-bajd-7yfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.67"},{"url":"http://public2.vulnerablecode.io/api/packages/385506?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.31"},{"url":"http://public2.vulnerablecode.io/api/packages/842?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6tzd-v653-9bdq"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-d1px-uadx-vqdx"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-evws-hrsq-ybfw"},{"vulnerability":"VCID-ftu2-phtp-bqad"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-rfbc-9e8h-gfhr"},{"vulnerability":"VCID-rwqs-mabh-17c9"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-swxs-3ua6-3yfn"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-x57v-g2md-7bbq"},{"vulnerability":"VCID-xjen-b9ss-33by"},{"vulnerability":"VCID-yg5s-2fsb-gub2"},{"vulnerability":"VCID-yqd8-3j9e-cken"},{"vulnerability":"VCID-znw1-bajd-7yfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.32"},{"url":"http://public2.vulnerablecode.io/api/packages/653?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65td-2enz-63hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2"},{"url":"http://public2.vulnerablecode.io/api/packages/654?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-4tdx-52h3-bkfj"},{"vulnerability":"VCID-5nu4-5ude-4yhc"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-6tzd-v653-9bdq"},{"vulnerability":"VCID-6wqu-jupw-tyhu"},{"vulnerability":"VCID-7wr9-uez1-8bdg"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-euv9-huaz-y3d1"},{"vulnerability":"VCID-fwgq-vmfm-j7bh"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-gecz-htub-27gx"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-keh1-ycs9-ybdd"},{"vulnerability":"VCID-m3py-3ba2-jkg7"},{"vulnerability":"VCID-ngy5-k9cv-rkbn"},{"vulnerability":"VCID-p65m-6crd-bufr"},{"vulnerability":"VCID-qxbw-zvw5-ckdp"},{"vulnerability":"VCID-qxfb-yg6b-nfda"},{"vulnerability":"VCID-rfbc-9e8h-gfhr"},{"vulnerability":"VCID-s2kf-jwgc-pfas"},{"vulnerability":"VCID-swxs-3ua6-3yfn"},{"vulnerability":"VCID-t8tc-zb3w-57gv"},{"vulnerability":"VCID-urhx-sw6q-cqce"},{"vulnerability":"VCID-uyc3-3cnp-wqf3"},{"vulnerability":"VCID-v9zx-5ppt-qfbb"},{"vulnerability":"VCID-vvc7-62tw-2bhh"},{"vulnerability":"VCID-w35j-v3r4-tqhu"},{"vulnerability":"VCID-xjen-b9ss-33by"},{"vulnerability":"VCID-yjb8-hdqu-4fe5"},{"vulnerability":"VCID-yqd8-3j9e-cken"},{"vulnerability":"VCID-znw1-bajd-7yfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3"}],"aliases":["CVE-2015-5346","GHSA-jrcp-c39h-r29x"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdsb-pema-d3ds"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.5"}