Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-9kfe-1esf-uydm
Summary
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.

This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.
The following versions were EOL at the time the CVE was created but are 
known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions 
may also be affected.


Users are recommended to upgrade to version 9.0.107, which fixes the issue.
Aliases
0
alias CVE-2025-52434
1
alias GHSA-4j3c-42xv-3f84
Fixed_packages
0
url pkg:apache/tomcat@9.0.107
purl pkg:apache/tomcat@9.0.107
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.107
1
url pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie
2
url pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie
3
url pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie
4
url pkg:deb/debian/tomcat9@9.0.107-0%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.107-0%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.107-0%252Bdeb11u1%3Fdistro=trixie
5
url pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
purl pkg:deb/debian/tomcat9@9.0.115-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1%3Fdistro=trixie
6
url pkg:deb/debian/tomcat9@9.0.115-1
purl pkg:deb/debian/tomcat9@9.0.115-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.115-1
7
url pkg:maven/org.apache.tomcat/tomcat@9.0.107
purl pkg:maven/org.apache.tomcat/tomcat@9.0.107
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
1
vulnerability VCID-8war-4v58-eub2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.107
8
url pkg:maven/org.apache.tomcat/tomcat-util@9.0.107
purl pkg:maven/org.apache.tomcat/tomcat-util@9.0.107
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@9.0.107
Affected_packages
0
url pkg:apache/tomcat@9.0.0%2BM1
purl pkg:apache/tomcat@9.0.0%2BM1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18q4-zark-s7a7
1
vulnerability VCID-1e6p-cppr-2bh2
2
vulnerability VCID-1hdb-24e3-f3d6
3
vulnerability VCID-1k8f-vsg1-k3d6
4
vulnerability VCID-246u-a4rh-yyd4
5
vulnerability VCID-2kku-pzer-9ufv
6
vulnerability VCID-2sbh-sy57-3uez
7
vulnerability VCID-2x6a-3gh1-rkhs
8
vulnerability VCID-39e3-jfbg-s3hk
9
vulnerability VCID-3cr9-g81m-4ugy
10
vulnerability VCID-3n4t-bvb1-5qer
11
vulnerability VCID-3r3s-q21j-c3au
12
vulnerability VCID-43j2-w5xt-43g9
13
vulnerability VCID-46bv-6b7y-3bca
14
vulnerability VCID-4aaa-errb-2qdw
15
vulnerability VCID-4cag-c4pb-dfaz
16
vulnerability VCID-4tf3-7f5b-2ffu
17
vulnerability VCID-5sgv-7nsz-5fa8
18
vulnerability VCID-66kh-s6cr-tqf9
19
vulnerability VCID-68fk-4g86-ekbp
20
vulnerability VCID-885s-t4dx-dybv
21
vulnerability VCID-95d1-arxd-hkd1
22
vulnerability VCID-9exq-fhv6-bbea
23
vulnerability VCID-9kfe-1esf-uydm
24
vulnerability VCID-a8gk-n8bq-87cp
25
vulnerability VCID-aeeu-fpay-wufz
26
vulnerability VCID-arkn-bca7-hqam
27
vulnerability VCID-ayrd-8ntf-hkh3
28
vulnerability VCID-dzpn-w4b3-vbcm
29
vulnerability VCID-eb37-mkxf-7fgw
30
vulnerability VCID-enaj-f97c-jbh7
31
vulnerability VCID-f77q-v5xp-e7dy
32
vulnerability VCID-fpgj-82wf-ykbw
33
vulnerability VCID-fyfz-6tr5-2fc7
34
vulnerability VCID-g7bk-891a-uufy
35
vulnerability VCID-gb2v-96xj-ybad
36
vulnerability VCID-gvhy-d4gm-57d3
37
vulnerability VCID-gyed-x6s8-ybhr
38
vulnerability VCID-hmbm-5ysw-77bu
39
vulnerability VCID-hves-r5bg-yfes
40
vulnerability VCID-k59r-wjt3-wqe5
41
vulnerability VCID-kagr-74d9-kyhx
42
vulnerability VCID-kukv-k3z7-7fgs
43
vulnerability VCID-kwab-3s4q-eka4
44
vulnerability VCID-kyb8-rvyw-s7b1
45
vulnerability VCID-m1zd-uytj-3bej
46
vulnerability VCID-m2zn-ja8d-7kg8
47
vulnerability VCID-maw6-4qs5-ykae
48
vulnerability VCID-n3ab-nk7c-hqc9
49
vulnerability VCID-n3zn-tuck-gkfe
50
vulnerability VCID-nvbx-q971-skgm
51
vulnerability VCID-pqxe-tfhk-47b7
52
vulnerability VCID-ruuh-g3fa-m7d8
53
vulnerability VCID-sr8e-w1qk-r7fz
54
vulnerability VCID-t2ne-75ck-eqcr
55
vulnerability VCID-tfrs-d458-tfaq
56
vulnerability VCID-u3ck-cvgt-fuhd
57
vulnerability VCID-v8ku-sjc8-wfga
58
vulnerability VCID-vdnj-sqmx-e3ep
59
vulnerability VCID-vhjj-dnft-kkf4
60
vulnerability VCID-wbaq-j85q-y3c6
61
vulnerability VCID-wgsc-dnn1-ukeq
62
vulnerability VCID-xf8r-kqxb-7qdy
63
vulnerability VCID-y9ne-rw7e-vugf
64
vulnerability VCID-yfx4-4gsc-2kgh
65
vulnerability VCID-yxpq-rrry-j3h8
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.0%252BM1
1
url pkg:apache/tomcat@9.0.106
purl pkg:apache/tomcat@9.0.106
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9kfe-1esf-uydm
1
vulnerability VCID-fpgj-82wf-ykbw
2
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.106
2
url pkg:deb/debian/tomcat9@9.0.31-1~deb10u6
purl pkg:deb/debian/tomcat9@9.0.31-1~deb10u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
1
vulnerability VCID-246u-a4rh-yyd4
2
vulnerability VCID-2kku-pzer-9ufv
3
vulnerability VCID-2rmy-13ym-3bgm
4
vulnerability VCID-2x6a-3gh1-rkhs
5
vulnerability VCID-2zq1-na8s-mfdd
6
vulnerability VCID-35xg-a746-5qgc
7
vulnerability VCID-3vdn-j7sj-dfdn
8
vulnerability VCID-43j2-w5xt-43g9
9
vulnerability VCID-46bv-6b7y-3bca
10
vulnerability VCID-4cag-c4pb-dfaz
11
vulnerability VCID-56jv-htmt-rkew
12
vulnerability VCID-5781-s1ny-q7ey
13
vulnerability VCID-5sgv-7nsz-5fa8
14
vulnerability VCID-66kh-s6cr-tqf9
15
vulnerability VCID-6pm1-byhk-eqfg
16
vulnerability VCID-74tx-sx8a-guhs
17
vulnerability VCID-885s-t4dx-dybv
18
vulnerability VCID-8e1c-rbkg-v7c2
19
vulnerability VCID-8mns-kw6c-a7dk
20
vulnerability VCID-8myk-ac5b-huh8
21
vulnerability VCID-8war-4v58-eub2
22
vulnerability VCID-9kfe-1esf-uydm
23
vulnerability VCID-a8gk-n8bq-87cp
24
vulnerability VCID-b3bb-9ajg-sfc9
25
vulnerability VCID-cfhw-vmcp-y3bc
26
vulnerability VCID-d1fm-vbd1-n7au
27
vulnerability VCID-dy6m-zt6r-9ubd
28
vulnerability VCID-dzan-r49k-kqab
29
vulnerability VCID-dzpn-w4b3-vbcm
30
vulnerability VCID-eb37-mkxf-7fgw
31
vulnerability VCID-fpgj-82wf-ykbw
32
vulnerability VCID-gb2v-96xj-ybad
33
vulnerability VCID-gvhy-d4gm-57d3
34
vulnerability VCID-gyed-x6s8-ybhr
35
vulnerability VCID-j6cj-ftyd-3ffa
36
vulnerability VCID-j8tk-s915-pbfy
37
vulnerability VCID-k59r-wjt3-wqe5
38
vulnerability VCID-k9cg-ehdw-dbh6
39
vulnerability VCID-kukv-k3z7-7fgs
40
vulnerability VCID-kwab-3s4q-eka4
41
vulnerability VCID-maw6-4qs5-ykae
42
vulnerability VCID-n3ab-nk7c-hqc9
43
vulnerability VCID-n9yk-e49f-n7e7
44
vulnerability VCID-nmq2-8ysj-4fbc
45
vulnerability VCID-nvbx-q971-skgm
46
vulnerability VCID-p6pa-f1fg-hbhg
47
vulnerability VCID-p8q2-pt96-5ye8
48
vulnerability VCID-qkx6-32cj-jfbp
49
vulnerability VCID-ran8-rnqn-tkbc
50
vulnerability VCID-rq42-qvsy-hue6
51
vulnerability VCID-rsxs-u5cc-rkgj
52
vulnerability VCID-ruuh-g3fa-m7d8
53
vulnerability VCID-rzj2-4kcj-43dq
54
vulnerability VCID-sr8e-w1qk-r7fz
55
vulnerability VCID-stds-vw5z-auhp
56
vulnerability VCID-t2ne-75ck-eqcr
57
vulnerability VCID-v7tp-1t4h-zqeg
58
vulnerability VCID-v8ku-sjc8-wfga
59
vulnerability VCID-vsdf-4tfj-uybe
60
vulnerability VCID-wgsc-dnn1-ukeq
61
vulnerability VCID-wptr-hkjx-s7c3
62
vulnerability VCID-xqjr-7xfw-mbh2
63
vulnerability VCID-xt59-cnmj-2bf8
64
vulnerability VCID-y9ne-rw7e-vugf
65
vulnerability VCID-yfx4-4gsc-2kgh
66
vulnerability VCID-yrzk-1dbk-muhy
67
vulnerability VCID-z2pq-cv2w-nfdk
68
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.31-1~deb10u6
3
url pkg:deb/debian/tomcat9@9.0.43-2~deb11u10
purl pkg:deb/debian/tomcat9@9.0.43-2~deb11u10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
1
vulnerability VCID-246u-a4rh-yyd4
2
vulnerability VCID-2kku-pzer-9ufv
3
vulnerability VCID-2rmy-13ym-3bgm
4
vulnerability VCID-2x6a-3gh1-rkhs
5
vulnerability VCID-2zq1-na8s-mfdd
6
vulnerability VCID-35xg-a746-5qgc
7
vulnerability VCID-3vdn-j7sj-dfdn
8
vulnerability VCID-43j2-w5xt-43g9
9
vulnerability VCID-4cag-c4pb-dfaz
10
vulnerability VCID-5sgv-7nsz-5fa8
11
vulnerability VCID-74tx-sx8a-guhs
12
vulnerability VCID-8e1c-rbkg-v7c2
13
vulnerability VCID-8mns-kw6c-a7dk
14
vulnerability VCID-8myk-ac5b-huh8
15
vulnerability VCID-8war-4v58-eub2
16
vulnerability VCID-9kfe-1esf-uydm
17
vulnerability VCID-cfhw-vmcp-y3bc
18
vulnerability VCID-d1fm-vbd1-n7au
19
vulnerability VCID-fpgj-82wf-ykbw
20
vulnerability VCID-gb2v-96xj-ybad
21
vulnerability VCID-gvhy-d4gm-57d3
22
vulnerability VCID-gyed-x6s8-ybhr
23
vulnerability VCID-k59r-wjt3-wqe5
24
vulnerability VCID-k9cg-ehdw-dbh6
25
vulnerability VCID-kukv-k3z7-7fgs
26
vulnerability VCID-maw6-4qs5-ykae
27
vulnerability VCID-p8q2-pt96-5ye8
28
vulnerability VCID-rsxs-u5cc-rkgj
29
vulnerability VCID-sr8e-w1qk-r7fz
30
vulnerability VCID-v8ku-sjc8-wfga
31
vulnerability VCID-xqjr-7xfw-mbh2
32
vulnerability VCID-y9ne-rw7e-vugf
33
vulnerability VCID-yrzk-1dbk-muhy
34
vulnerability VCID-zw2q-kna8-mqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10
4
url pkg:deb/debian/tomcat9@9.0.70-2
purl pkg:deb/debian/tomcat9@9.0.70-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-246u-a4rh-yyd4
1
vulnerability VCID-2x6a-3gh1-rkhs
2
vulnerability VCID-2zq1-na8s-mfdd
3
vulnerability VCID-4cag-c4pb-dfaz
4
vulnerability VCID-8myk-ac5b-huh8
5
vulnerability VCID-9kfe-1esf-uydm
6
vulnerability VCID-cfhw-vmcp-y3bc
7
vulnerability VCID-fpgj-82wf-ykbw
8
vulnerability VCID-gb2v-96xj-ybad
9
vulnerability VCID-gvhy-d4gm-57d3
10
vulnerability VCID-k59r-wjt3-wqe5
11
vulnerability VCID-kukv-k3z7-7fgs
12
vulnerability VCID-sr8e-w1qk-r7fz
13
vulnerability VCID-xqjr-7xfw-mbh2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2
5
url pkg:deb/debian/tomcat9@9.0.95-1
purl pkg:deb/debian/tomcat9@9.0.95-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-246u-a4rh-yyd4
1
vulnerability VCID-2x6a-3gh1-rkhs
2
vulnerability VCID-2zq1-na8s-mfdd
3
vulnerability VCID-4cag-c4pb-dfaz
4
vulnerability VCID-8myk-ac5b-huh8
5
vulnerability VCID-9kfe-1esf-uydm
6
vulnerability VCID-cfhw-vmcp-y3bc
7
vulnerability VCID-fpgj-82wf-ykbw
8
vulnerability VCID-gb2v-96xj-ybad
9
vulnerability VCID-gvhy-d4gm-57d3
10
vulnerability VCID-k59r-wjt3-wqe5
11
vulnerability VCID-kukv-k3z7-7fgs
12
vulnerability VCID-sr8e-w1qk-r7fz
13
vulnerability VCID-xqjr-7xfw-mbh2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1
6
url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1
purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18q4-zark-s7a7
1
vulnerability VCID-1e6p-cppr-2bh2
2
vulnerability VCID-1hdb-24e3-f3d6
3
vulnerability VCID-1k8f-vsg1-k3d6
4
vulnerability VCID-246u-a4rh-yyd4
5
vulnerability VCID-2kku-pzer-9ufv
6
vulnerability VCID-2sbh-sy57-3uez
7
vulnerability VCID-2x6a-3gh1-rkhs
8
vulnerability VCID-39e3-jfbg-s3hk
9
vulnerability VCID-3cr9-g81m-4ugy
10
vulnerability VCID-3n4t-bvb1-5qer
11
vulnerability VCID-3r3s-q21j-c3au
12
vulnerability VCID-43j2-w5xt-43g9
13
vulnerability VCID-46bv-6b7y-3bca
14
vulnerability VCID-4aaa-errb-2qdw
15
vulnerability VCID-4cag-c4pb-dfaz
16
vulnerability VCID-4tf3-7f5b-2ffu
17
vulnerability VCID-5sgv-7nsz-5fa8
18
vulnerability VCID-66kh-s6cr-tqf9
19
vulnerability VCID-68fk-4g86-ekbp
20
vulnerability VCID-885s-t4dx-dybv
21
vulnerability VCID-95d1-arxd-hkd1
22
vulnerability VCID-9exq-fhv6-bbea
23
vulnerability VCID-9kfe-1esf-uydm
24
vulnerability VCID-a8gk-n8bq-87cp
25
vulnerability VCID-aeeu-fpay-wufz
26
vulnerability VCID-arkn-bca7-hqam
27
vulnerability VCID-ayrd-8ntf-hkh3
28
vulnerability VCID-dzpn-w4b3-vbcm
29
vulnerability VCID-eb37-mkxf-7fgw
30
vulnerability VCID-enaj-f97c-jbh7
31
vulnerability VCID-f77q-v5xp-e7dy
32
vulnerability VCID-fpgj-82wf-ykbw
33
vulnerability VCID-fyfz-6tr5-2fc7
34
vulnerability VCID-g7bk-891a-uufy
35
vulnerability VCID-gb2v-96xj-ybad
36
vulnerability VCID-gvhy-d4gm-57d3
37
vulnerability VCID-gyed-x6s8-ybhr
38
vulnerability VCID-hmbm-5ysw-77bu
39
vulnerability VCID-hves-r5bg-yfes
40
vulnerability VCID-k59r-wjt3-wqe5
41
vulnerability VCID-k9cg-ehdw-dbh6
42
vulnerability VCID-kagr-74d9-kyhx
43
vulnerability VCID-kukv-k3z7-7fgs
44
vulnerability VCID-kwab-3s4q-eka4
45
vulnerability VCID-kyb8-rvyw-s7b1
46
vulnerability VCID-m1zd-uytj-3bej
47
vulnerability VCID-m2zn-ja8d-7kg8
48
vulnerability VCID-maw6-4qs5-ykae
49
vulnerability VCID-n3ab-nk7c-hqc9
50
vulnerability VCID-n3zn-tuck-gkfe
51
vulnerability VCID-nvbx-q971-skgm
52
vulnerability VCID-pqxe-tfhk-47b7
53
vulnerability VCID-ruuh-g3fa-m7d8
54
vulnerability VCID-sr8e-w1qk-r7fz
55
vulnerability VCID-t2ne-75ck-eqcr
56
vulnerability VCID-tfrs-d458-tfaq
57
vulnerability VCID-u3ck-cvgt-fuhd
58
vulnerability VCID-v8ku-sjc8-wfga
59
vulnerability VCID-vdnj-sqmx-e3ep
60
vulnerability VCID-vhjj-dnft-kkf4
61
vulnerability VCID-wbaq-j85q-y3c6
62
vulnerability VCID-wgsc-dnn1-ukeq
63
vulnerability VCID-xf8r-kqxb-7qdy
64
vulnerability VCID-y9ne-rw7e-vugf
65
vulnerability VCID-yfx4-4gsc-2kgh
66
vulnerability VCID-yxpq-rrry-j3h8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1
7
url pkg:maven/org.apache.tomcat/tomcat@9.0.106
purl pkg:maven/org.apache.tomcat/tomcat@9.0.106
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8war-4v58-eub2
1
vulnerability VCID-9kfe-1esf-uydm
2
vulnerability VCID-fpgj-82wf-ykbw
3
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.106
8
url pkg:maven/org.apache.tomcat/tomcat-util@8.5.0
purl pkg:maven/org.apache.tomcat/tomcat-util@8.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39e3-jfbg-s3hk
1
vulnerability VCID-4aaa-errb-2qdw
2
vulnerability VCID-9kfe-1esf-uydm
3
vulnerability VCID-a8gk-n8bq-87cp
4
vulnerability VCID-aeeu-fpay-wufz
5
vulnerability VCID-arkn-bca7-hqam
6
vulnerability VCID-b3bb-9ajg-sfc9
7
vulnerability VCID-hves-r5bg-yfes
8
vulnerability VCID-j6cj-ftyd-3ffa
9
vulnerability VCID-j8tk-s915-pbfy
10
vulnerability VCID-wbaq-j85q-y3c6
11
vulnerability VCID-xshb-a2kb-c7gs
12
vulnerability VCID-yfx4-4gsc-2kgh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@8.5.0
9
url pkg:maven/org.apache.tomcat/tomcat-util@8.5.100
purl pkg:maven/org.apache.tomcat/tomcat-util@8.5.100
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vdn-j7sj-dfdn
1
vulnerability VCID-9kfe-1esf-uydm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@8.5.100
10
url pkg:maven/org.apache.tomcat/tomcat-util@9.0.0.M1
purl pkg:maven/org.apache.tomcat/tomcat-util@9.0.0.M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39e3-jfbg-s3hk
1
vulnerability VCID-9kfe-1esf-uydm
2
vulnerability VCID-aeeu-fpay-wufz
3
vulnerability VCID-arkn-bca7-hqam
4
vulnerability VCID-hves-r5bg-yfes
5
vulnerability VCID-wbaq-j85q-y3c6
6
vulnerability VCID-xshb-a2kb-c7gs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-util@9.0.0.M1
11
url pkg:rpm/redhat/jws5-tomcat@9.0.87-12.redhat_00011.1?arch=el8jws
purl pkg:rpm/redhat/jws5-tomcat@9.0.87-12.redhat_00011.1?arch=el8jws
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-246u-a4rh-yyd4
1
vulnerability VCID-2x6a-3gh1-rkhs
2
vulnerability VCID-9kfe-1esf-uydm
3
vulnerability VCID-fpgj-82wf-ykbw
4
vulnerability VCID-gb2v-96xj-ybad
5
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-12.redhat_00011.1%3Farch=el8jws
12
url pkg:rpm/redhat/jws5-tomcat@9.0.87-12.redhat_00011.1?arch=el9jws
purl pkg:rpm/redhat/jws5-tomcat@9.0.87-12.redhat_00011.1?arch=el9jws
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-246u-a4rh-yyd4
1
vulnerability VCID-2x6a-3gh1-rkhs
2
vulnerability VCID-9kfe-1esf-uydm
3
vulnerability VCID-fpgj-82wf-ykbw
4
vulnerability VCID-gb2v-96xj-ybad
5
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-12.redhat_00011.1%3Farch=el9jws
13
url pkg:rpm/redhat/jws5-tomcat@9.0.87-12.redhat_00011.1?arch=el7jws
purl pkg:rpm/redhat/jws5-tomcat@9.0.87-12.redhat_00011.1?arch=el7jws
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-246u-a4rh-yyd4
1
vulnerability VCID-2x6a-3gh1-rkhs
2
vulnerability VCID-9kfe-1esf-uydm
3
vulnerability VCID-fpgj-82wf-ykbw
4
vulnerability VCID-gb2v-96xj-ybad
5
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.87-12.redhat_00011.1%3Farch=el7jws
14
url pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_8?arch=7
purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_8?arch=7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
1
vulnerability VCID-246u-a4rh-yyd4
2
vulnerability VCID-2x6a-3gh1-rkhs
3
vulnerability VCID-9kfe-1esf-uydm
4
vulnerability VCID-fpgj-82wf-ykbw
5
vulnerability VCID-gb2v-96xj-ybad
6
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_8%3Farch=7
15
url pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_10?arch=6
purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_10?arch=6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
1
vulnerability VCID-246u-a4rh-yyd4
2
vulnerability VCID-2x6a-3gh1-rkhs
3
vulnerability VCID-9kfe-1esf-uydm
4
vulnerability VCID-fpgj-82wf-ykbw
5
vulnerability VCID-gb2v-96xj-ybad
6
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el8_10%3Farch=6
16
url pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_2?arch=6
purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_2?arch=6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
1
vulnerability VCID-246u-a4rh-yyd4
2
vulnerability VCID-2x6a-3gh1-rkhs
3
vulnerability VCID-9kfe-1esf-uydm
4
vulnerability VCID-fpgj-82wf-ykbw
5
vulnerability VCID-gb2v-96xj-ybad
6
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_2%3Farch=6
17
url pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_4?arch=6
purl pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_4?arch=6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
1
vulnerability VCID-246u-a4rh-yyd4
2
vulnerability VCID-2x6a-3gh1-rkhs
3
vulnerability VCID-9kfe-1esf-uydm
4
vulnerability VCID-fpgj-82wf-ykbw
5
vulnerability VCID-gb2v-96xj-ybad
6
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-1.el9_4%3Farch=6
18
url pkg:rpm/redhat/tomcat@1:9.0.87-3.el9_6?arch=3
purl pkg:rpm/redhat/tomcat@1:9.0.87-3.el9_6?arch=3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
1
vulnerability VCID-246u-a4rh-yyd4
2
vulnerability VCID-2x6a-3gh1-rkhs
3
vulnerability VCID-9kfe-1esf-uydm
4
vulnerability VCID-fpgj-82wf-ykbw
5
vulnerability VCID-gb2v-96xj-ybad
6
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.87-3.el9_6%3Farch=3
19
url pkg:rpm/redhat/tomcat9@1:9.0.87-5.el10_0?arch=3
purl pkg:rpm/redhat/tomcat9@1:9.0.87-5.el10_0?arch=3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e6p-cppr-2bh2
1
vulnerability VCID-246u-a4rh-yyd4
2
vulnerability VCID-2x6a-3gh1-rkhs
3
vulnerability VCID-9kfe-1esf-uydm
4
vulnerability VCID-fpgj-82wf-ykbw
5
vulnerability VCID-gb2v-96xj-ybad
6
vulnerability VCID-k59r-wjt3-wqe5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat9@1:9.0.87-5.el10_0%3Farch=3
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52434.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52434.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52434
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60729
published_at 2026-04-02T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60759
published_at 2026-04-04T12:55:00Z
2
value 0.00531
scoring_system epss
scoring_elements 0.67312
published_at 2026-04-11T12:55:00Z
3
value 0.00531
scoring_system epss
scoring_elements 0.67292
published_at 2026-04-09T12:55:00Z
4
value 0.00531
scoring_system epss
scoring_elements 0.67278
published_at 2026-04-08T12:55:00Z
5
value 0.00531
scoring_system epss
scoring_elements 0.67227
published_at 2026-04-07T12:55:00Z
6
value 0.00531
scoring_system epss
scoring_elements 0.67263
published_at 2026-04-13T12:55:00Z
7
value 0.00531
scoring_system epss
scoring_elements 0.67298
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52434
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018
5
reference_url https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T14:02:46Z/
url https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030
6
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-52434
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-52434
8
reference_url http://www.openwall.com/lists/oss-security/2025/07/10/11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/07/10/11
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2379382
reference_id 2379382
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2379382
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434
reference_id CVE-2025-52434
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434
11
reference_url https://github.com/advisories/GHSA-4j3c-42xv-3f84
reference_id GHSA-4j3c-42xv-3f84
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4j3c-42xv-3f84
12
reference_url https://access.redhat.com/errata/RHSA-2025:11695
reference_id RHSA-2025:11695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11695
13
reference_url https://access.redhat.com/errata/RHSA-2025:11696
reference_id RHSA-2025:11696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11696
14
reference_url https://access.redhat.com/errata/RHSA-2025:14177
reference_id RHSA-2025:14177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14177
15
reference_url https://access.redhat.com/errata/RHSA-2025:14178
reference_id RHSA-2025:14178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14178
16
reference_url https://access.redhat.com/errata/RHSA-2025:14180
reference_id RHSA-2025:14180
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14180
17
reference_url https://access.redhat.com/errata/RHSA-2025:14181
reference_id RHSA-2025:14181
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14181
18
reference_url https://access.redhat.com/errata/RHSA-2025:14182
reference_id RHSA-2025:14182
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14182
19
reference_url https://access.redhat.com/errata/RHSA-2025:14183
reference_id RHSA-2025:14183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14183
Weaknesses
0
cwe_id 362
name Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
description The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-9kfe-1esf-uydm