{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43050?format=json","vulnerability_id":"VCID-x9v1-6ysy-bfcm","summary":"Apache Tomcat Denial of Service vulnerability in the Catalina package\nThe Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.","aliases":[{"alias":"CVE-2003-0866"},{"alias":"GHSA-7wj2-48c4-2684"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61616?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2af1-rv9j-jugv"},{"vulnerability":"VCID-2jws-wtvg-2khf"},{"vulnerability":"VCID-5jm8-9upn-g7f4"},{"vulnerability":"VCID-7787-4bwm-efgq"},{"vulnerability":"VCID-96yu-fvee-wfbs"},{"vulnerability":"VCID-ccfn-tde4-s7hr"},{"vulnerability":"VCID-crhe-rt8j-wycu"},{"vulnerability":"VCID-eygg-nt7y-qubh"},{"vulnerability":"VCID-hmqa-jhuf-hfe2"},{"vulnerability":"VCID-kxc3-vz2c-wqca"},{"vulnerability":"VCID-qz87-x4zb-rud7"},{"vulnerability":"VCID-rdr4-db3y-p3cz"},{"vulnerability":"VCID-sjn3-a6fs-gyck"},{"vulnerability":"VCID-t4mh-zvhq-27du"},{"vulnerability":"VCID-wg7f-pjmn-uudk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61615?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x9v1-6ysy-bfcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0"}],"references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506"},{"reference_url":"http://secunia.com/advisories/30899","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30899"},{"reference_url":"http://secunia.com/advisories/30908","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30908"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/13429","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/13429"},{"reference_url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1","reference_id":"","reference_type":"","scores":[],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"},{"reference_url":"http://tomcat.apache.org/security-4.html","reference_id":"","reference_type":"","scores":[],"url":"http://tomcat.apache.org/security-4.html"},{"reference_url":"http://www.debian.org/security/2003/dsa-395","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2003/dsa-395"},{"reference_url":"http://www.securityfocus.com/bid/8824","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/8824"},{"reference_url":"http://www.vupen.com/english/advisories/2008/1979/references","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/1979/references"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2003-0866","reference_id":"CVE-2003-0866","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2003-0866"},{"reference_url":"https://github.com/advisories/GHSA-7wj2-48c4-2684","reference_id":"GHSA-7wj2-48c4-2684","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7wj2-48c4-2684"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9v1-6ysy-bfcm"}