{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5849?format=json","vulnerability_id":"VCID-dxkq-jhq6-qbad","summary":"denial of service","aliases":[{"alias":"CVE-2020-13934"},{"alias":"GHSA-vf77-8h7g-gghp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2649?format=json","purl":"pkg:alpm/archlinux/tomcat9@9.0.37-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/tomcat9@9.0.37-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5556?format=json","purl":"pkg:deb/debian/tomcat9@9.0.43-2~deb11u10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10"},{"url":"http://public2.vulnerablecode.io/api/packages/60397?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.56","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.56"},{"url":"http://public2.vulnerablecode.io/api/packages/60398?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.36","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.36"},{"url":"http://public2.vulnerablecode.io/api/packages/60399?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6"},{"url":"http://public2.vulnerablecode.io/api/packages/60409?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.56","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.56"},{"url":"http://public2.vulnerablecode.io/api/packages/60410?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.36","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.36"},{"url":"http://public2.vulnerablecode.io/api/packages/60411?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M6"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2648?format=json","purl":"pkg:alpm/archlinux/tomcat9@9.0.35-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dxkq-jhq6-qbad"},{"vulnerability":"VCID-jbh7-zmq6-bfgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/tomcat9@9.0.35-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5555?format=json","purl":"pkg:deb/debian/tomcat9@9.0.31-1~deb10u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9e2b-7qtg-tbaj"},{"vulnerability":"VCID-dxkq-jhq6-qbad"},{"vulnerability":"VCID-jbh7-zmq6-bfgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.31-1~deb10u6"},{"url":"http://public2.vulnerablecode.io/api/packages/60394?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dxkq-jhq6-qbad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60395?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0-M.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dxkq-jhq6-qbad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0-M.5"},{"url":"http://public2.vulnerablecode.io/api/packages/60396?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.0.0-M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dxkq-jhq6-qbad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M1"},{"url":"http://public2.vulnerablecode.io/api/packages/60406?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dxkq-jhq6-qbad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60407?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.0-M.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dxkq-jhq6-qbad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.0-M.5"},{"url":"http://public2.vulnerablecode.io/api/packages/60408?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dxkq-jhq6-qbad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M1"}],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934"},{"reference_url":"https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200724-0003","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200724-0003"},{"reference_url":"https://usn.ubuntu.com/4596-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4596-1"},{"reference_url":"https://www.debian.org/security/2020/dsa-4727","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4727"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://security.archlinux.org/AVG-1205","reference_id":"AVG-1205","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13934","reference_id":"CVE-2020-13934","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13934"},{"reference_url":"https://github.com/advisories/GHSA-vf77-8h7g-gghp","reference_id":"GHSA-vf77-8h7g-gghp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vf77-8h7g-gghp"}],"weaknesses":[{"cwe_id":119,"name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","description":"The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer."},{"cwe_id":476,"name":"NULL Pointer Dereference","description":"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxkq-jhq6-qbad"}