Vulnerability Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4957?format=api",
    "vulnerability_id": "VCID-rybd-nsf5-j7fr",
    "summary": "The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.",
    "aliases": [
        {
            "alias": "CVE-2002-2007"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1562?format=api",
            "purl": "pkg:apache/tomcat@3.3.0-a",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-6ss8-442a-3baf"
                },
                {
                    "vulnerability": "VCID-6yk2-f8d5-cyc3"
                },
                {
                    "vulnerability": "VCID-9rpn-zb26-yfdk"
                },
                {
                    "vulnerability": "VCID-shq7-jxup-5fgk"
                },
                {
                    "vulnerability": "VCID-x6zh-jypa-pbcc"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.3.0-a"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1577?format=api",
            "purl": "pkg:apache/tomcat@3.2.3",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-56a7-wfbu-7be8"
                },
                {
                    "vulnerability": "VCID-rybd-nsf5-j7fr"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1561?format=api",
            "purl": "pkg:apache/tomcat@3.2.4",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-2fb2-r763-ybg5"
                },
                {
                    "vulnerability": "VCID-6ss8-442a-3baf"
                },
                {
                    "vulnerability": "VCID-6yk2-f8d5-cyc3"
                },
                {
                    "vulnerability": "VCID-9rpn-zb26-yfdk"
                },
                {
                    "vulnerability": "VCID-edmc-muvz-5ufu"
                },
                {
                    "vulnerability": "VCID-rybd-nsf5-j7fr"
                },
                {
                    "vulnerability": "VCID-shq7-jxup-5fgk"
                },
                {
                    "vulnerability": "VCID-x6zh-jypa-pbcc"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@3.2.4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1578?format=api",
            "purl": "pkg:maven/org.apache.tomcat/tomcat@3.2.3",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-56a7-wfbu-7be8"
                },
                {
                    "vulnerability": "VCID-rybd-nsf5-j7fr"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.2.3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1568?format=api",
            "purl": "pkg:maven/org.apache.tomcat/tomcat@3.2.4",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-2fb2-r763-ybg5"
                },
                {
                    "vulnerability": "VCID-6ss8-442a-3baf"
                },
                {
                    "vulnerability": "VCID-6yk2-f8d5-cyc3"
                },
                {
                    "vulnerability": "VCID-9rpn-zb26-yfdk"
                },
                {
                    "vulnerability": "VCID-edmc-muvz-5ufu"
                },
                {
                    "vulnerability": "VCID-rybd-nsf5-j7fr"
                },
                {
                    "vulnerability": "VCID-shq7-jxup-5fgk"
                },
                {
                    "vulnerability": "VCID-x6zh-jypa-pbcc"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.2.4"
        }
    ],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2007",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95912",
                    "published_at": "2026-05-14T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95815",
                    "published_at": "2026-04-01T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95823",
                    "published_at": "2026-04-02T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95832",
                    "published_at": "2026-04-04T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95834",
                    "published_at": "2026-04-07T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95843",
                    "published_at": "2026-04-08T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95846",
                    "published_at": "2026-04-09T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95849",
                    "published_at": "2026-04-12T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95851",
                    "published_at": "2026-04-13T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95862",
                    "published_at": "2026-04-16T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95868",
                    "published_at": "2026-04-18T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.9587",
                    "published_at": "2026-04-21T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95872",
                    "published_at": "2026-04-29T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95884",
                    "published_at": "2026-05-05T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95886",
                    "published_at": "2026-05-07T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95892",
                    "published_at": "2026-05-09T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95894",
                    "published_at": "2026-05-11T12:55:00Z"
                },
                {
                    "value": "0.22609",
                    "scoring_system": "epss",
                    "scoring_elements": "0.95899",
                    "published_at": "2026-05-12T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2007"
        },
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007",
            "reference_id": "CVE-2002-2007",
            "reference_type": "",
            "scores": [
                {
                    "value": "Moderate",
                    "scoring_system": "apache_tomcat",
                    "scoring_elements": ""
                }
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21490.txt",
            "reference_id": "CVE-2002-2007;OSVDB-13304",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21490.txt"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21491.txt",
            "reference_id": "CVE-2002-2007;OSVDB-13304",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21491.txt"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21492.txt",
            "reference_id": "CVE-2002-2007;OSVDB-13304",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21492.txt"
        },
        {
            "reference_url": "https://www.securityfocus.com/bid/4876/info",
            "reference_id": "CVE-2002-2007;OSVDB-13304",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://www.securityfocus.com/bid/4876/info"
        },
        {
            "reference_url": "https://www.securityfocus.com/bid/4877/info",
            "reference_id": "CVE-2002-2007;OSVDB-13304",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://www.securityfocus.com/bid/4877/info"
        },
        {
            "reference_url": "https://www.securityfocus.com/bid/4878/info",
            "reference_id": "CVE-2002-2007;OSVDB-13304",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://www.securityfocus.com/bid/4878/info"
        }
    ],
    "weaknesses": [],
    "exploits": [
        {
            "date_added": "2002-05-29",
            "description": "Apache Tomcat 3.2.3/3.2.4 - Example Files Web Root Full Path Disclosure",
            "required_action": null,
            "due_date": null,
            "notes": null,
            "known_ransomware_campaign_use": true,
            "source_date_published": "2002-05-29",
            "exploit_type": "remote",
            "platform": "multiple",
            "source_date_updated": "2012-09-23",
            "data_source": "Exploit-DB",
            "source_url": "https://www.securityfocus.com/bid/4877/info"
        }
    ],
    "severity_range_score": "4.0 - 6.9",
    "exploitability": "2.0",
    "weighted_severity": "6.2",
    "risk_score": 10.0,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rybd-nsf5-j7fr"
}