{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5848?format=json","vulnerability_id":"VCID-jbh7-zmq6-bfgs","summary":"denial of service","aliases":[{"alias":"CVE-2020-13935"},{"alias":"GHSA-m7jv-hq7h-mq7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2649?format=json","purl":"pkg:alpm/archlinux/tomcat9@9.0.37-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/tomcat9@9.0.37-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5556?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10"},{"url":"http://public2.vulnerablecode.io/api/packages/60400?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.104","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.104"},{"url":"http://public2.vulnerablecode.io/api/packages/60397?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.56","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.56"},{"url":"http://public2.vulnerablecode.io/api/packages/60399?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6"},{"url":"http://public2.vulnerablecode.io/api/packages/60414?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.104","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.104"},{"url":"http://public2.vulnerablecode.io/api/packages/60413?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.56"},{"url":"http://public2.vulnerablecode.io/api/packages/60412?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.36"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2648?format=json","purl":"pkg:alpm/archlinux/tomcat9@9.0.35-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dxkq-jhq6-qbad"},{"vulnerability":"VCID-jbh7-zmq6-bfgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/tomcat9@9.0.35-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5555?format=json","purl":"pkg:deb/debian/tomcat9@9.0.31-1~deb10u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9e2b-7qtg-tbaj"},{"vulnerability":"VCID-dxkq-jhq6-qbad"},{"vulnerability":"VCID-jbh7-zmq6-bfgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.31-1~deb10u6"}],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10332","reference_id":"","reference_type":"","scores":[],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10332"},{"reference_url":"https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200724-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200724-0003/"},{"reference_url":"https://usn.ubuntu.com/4448-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4448-1/"},{"reference_url":"https://usn.ubuntu.com/4596-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4596-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4727","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4727"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://security.archlinux.org/AVG-1205","reference_id":"AVG-1205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13935","reference_id":"CVE-2020-13935","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13935"},{"reference_url":"https://github.com/advisories/GHSA-m7jv-hq7h-mq7c","reference_id":"GHSA-m7jv-hq7h-mq7c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m7jv-hq7h-mq7c"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":835,"name":"Loop with Unreachable Exit Condition ('Infinite Loop')","description":"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbh7-zmq6-bfgs"}