{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63923?format=json","vulnerability_id":"VCID-m5jb-76rf-d7fx","summary":"","aliases":[{"alias":"CVE-2009-3548"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1114?format=json","purl":"pkg:apache/tomcat@5.5.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8sq-kpxp-3bb4"},{"vulnerability":"VCID-s3gw-mg9k-mfg2"},{"vulnerability":"VCID-y1dr-6adg-93ee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.29"},{"url":"http://public2.vulnerablecode.io/api/packages/1077?format=json","purl":"pkg:apache/tomcat@6.0.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.24"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1100?format=json","purl":"pkg:apache/tomcat@5.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35p2-nqar-ekfs"},{"vulnerability":"VCID-3evg-7vy4-47a4"},{"vulnerability":"VCID-74c9-hu6z-8kg4"},{"vulnerability":"VCID-7bth-46rq-d3h2"},{"vulnerability":"VCID-8tk5-k5f1-g3fb"},{"vulnerability":"VCID-99y2-kk3y-dkdu"},{"vulnerability":"VCID-9rur-fz8a-p3d7"},{"vulnerability":"VCID-9xyc-3a83-jqap"},{"vulnerability":"VCID-awrq-9r93-vyhd"},{"vulnerability":"VCID-bxjq-2fp7-h7g4"},{"vulnerability":"VCID-cphz-3xr3-z7be"},{"vulnerability":"VCID-czgs-upje-kffn"},{"vulnerability":"VCID-dap4-dpmg-wbad"},{"vulnerability":"VCID-dt1c-w14g-2fbd"},{"vulnerability":"VCID-f269-zjt1-7ke4"},{"vulnerability":"VCID-fr29-5pgc-nkgp"},{"vulnerability":"VCID-jjcq-qzpr-r3g9"},{"vulnerability":"VCID-m5jb-76rf-d7fx"},{"vulnerability":"VCID-mbz3-479y-ruey"},{"vulnerability":"VCID-mgjy-sbfz-1ueu"},{"vulnerability":"VCID-mu17-2uxr-4kd5"},{"vulnerability":"VCID-n1sw-988x-dqh2"},{"vulnerability":"VCID-npzg-ew7t-zff1"},{"vulnerability":"VCID-nt3f-snfk-vuh7"},{"vulnerability":"VCID-q8sq-kpxp-3bb4"},{"vulnerability":"VCID-qxj8-c1gm-f7ep"},{"vulnerability":"VCID-rrb9-d3a6-q3bz"},{"vulnerability":"VCID-s3gw-mg9k-mfg2"},{"vulnerability":"VCID-ssqj-d96y-y3hc"},{"vulnerability":"VCID-suth-x23g-rbdf"},{"vulnerability":"VCID-tdx3-4btg-j7ez"},{"vulnerability":"VCID-tqfw-77hy-ykg5"},{"vulnerability":"VCID-u477-kb4d-uuh7"},{"vulnerability":"VCID-va9j-s3bx-nycu"},{"vulnerability":"VCID-vaac-tnes-7ke6"},{"vulnerability":"VCID-vyhc-nkpu-a3dh"},{"vulnerability":"VCID-xkr7-rzu4-rfc1"},{"vulnerability":"VCID-y1dr-6adg-93ee"},{"vulnerability":"VCID-zby8-fvjf-afde"},{"vulnerability":"VCID-zgq8-wefp-j7ez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1118?format=json","purl":"pkg:apache/tomcat@5.5.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9rur-fz8a-p3d7"},{"vulnerability":"VCID-m5jb-76rf-d7fx"},{"vulnerability":"VCID-mgjy-sbfz-1ueu"},{"vulnerability":"VCID-ssqj-d96y-y3hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.28"},{"url":"http://public2.vulnerablecode.io/api/packages/1028?format=json","purl":"pkg:apache/tomcat@6.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ckp-gbvu-2bdy"},{"vulnerability":"VCID-1xhq-fftg-ufd2"},{"vulnerability":"VCID-3evg-7vy4-47a4"},{"vulnerability":"VCID-3p2v-jj5g-qbbp"},{"vulnerability":"VCID-4y66-yu6h-a3cy"},{"vulnerability":"VCID-62hn-sj8p-9fgs"},{"vulnerability":"VCID-6tzd-v653-9bdq"},{"vulnerability":"VCID-74c9-hu6z-8kg4"},{"vulnerability":"VCID-7bth-46rq-d3h2"},{"vulnerability":"VCID-8tk5-k5f1-g3fb"},{"vulnerability":"VCID-9a2q-ujcy-u3dx"},{"vulnerability":"VCID-9rur-fz8a-p3d7"},{"vulnerability":"VCID-a4k2-q92y-7khb"},{"vulnerability":"VCID-awrq-9r93-vyhd"},{"vulnerability":"VCID-bwn2-ebxb-xqbm"},{"vulnerability":"VCID-bxjq-2fp7-h7g4"},{"vulnerability":"VCID-cphz-3xr3-z7be"},{"vulnerability":"VCID-cpun-p57h-2fc7"},{"vulnerability":"VCID-czgs-upje-kffn"},{"vulnerability":"VCID-dap4-dpmg-wbad"},{"vulnerability":"VCID-dt1c-w14g-2fbd"},{"vulnerability":"VCID-f269-zjt1-7ke4"},{"vulnerability":"VCID-f6dc-5wps-z3ax"},{"vulnerability":"VCID-fje8-2ajy-kyb4"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-g2x3-6kx1-x7bg"},{"vulnerability":"VCID-jjcq-qzpr-r3g9"},{"vulnerability":"VCID-kv5j-8eqv-7bhy"},{"vulnerability":"VCID-m5jb-76rf-d7fx"},{"vulnerability":"VCID-m7b3-kxzn-t7hj"},{"vulnerability":"VCID-mbz3-479y-ruey"},{"vulnerability":"VCID-mgjy-sbfz-1ueu"},{"vulnerability":"VCID-mu17-2uxr-4kd5"},{"vulnerability":"VCID-ncxb-rxhz-u3eu"},{"vulnerability":"VCID-npzg-ew7t-zff1"},{"vulnerability":"VCID-nt3f-snfk-vuh7"},{"vulnerability":"VCID-q1pv-h34q-7ufy"},{"vulnerability":"VCID-q8sq-kpxp-3bb4"},{"vulnerability":"VCID-qxj8-c1gm-f7ep"},{"vulnerability":"VCID-rfbc-9e8h-gfhr"},{"vulnerability":"VCID-rrb9-d3a6-q3bz"},{"vulnerability":"VCID-s3gw-mg9k-mfg2"},{"vulnerability":"VCID-s4fd-atmc-qkcz"},{"vulnerability":"VCID-snut-ece8-sbfv"},{"vulnerability":"VCID-ssqj-d96y-y3hc"},{"vulnerability":"VCID-suth-x23g-rbdf"},{"vulnerability":"VCID-swxs-3ua6-3yfn"},{"vulnerability":"VCID-tdx3-4btg-j7ez"},{"vulnerability":"VCID-tqfw-77hy-ykg5"},{"vulnerability":"VCID-u477-kb4d-uuh7"},{"vulnerability":"VCID-uuw9-dvzz-mqgj"},{"vulnerability":"VCID-va9j-s3bx-nycu"},{"vulnerability":"VCID-vupj-tk3j-vfdf"},{"vulnerability":"VCID-vyf9-rzw1-sffy"},{"vulnerability":"VCID-vyhc-nkpu-a3dh"},{"vulnerability":"VCID-wkxm-2pd8-vqg9"},{"vulnerability":"VCID-wu55-n9ff-sbbf"},{"vulnerability":"VCID-xjen-b9ss-33by"},{"vulnerability":"VCID-xkr7-rzu4-rfc1"},{"vulnerability":"VCID-y1dr-6adg-93ee"},{"vulnerability":"VCID-y97x-xaq8-h3bu"},{"vulnerability":"VCID-yqd8-3j9e-cken"},{"vulnerability":"VCID-zby8-fvjf-afde"},{"vulnerability":"VCID-znw1-bajd-7yfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1076?format=json","purl":"pkg:apache/tomcat@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9rur-fz8a-p3d7"},{"vulnerability":"VCID-m5jb-76rf-d7fx"},{"vulnerability":"VCID-mgjy-sbfz-1ueu"},{"vulnerability":"VCID-ssqj-d96y-y3hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/1103?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35p2-nqar-ekfs"},{"vulnerability":"VCID-3evg-7vy4-47a4"},{"vulnerability":"VCID-3urp-gu8z-fke3"},{"vulnerability":"VCID-46g2-sepj-guhe"},{"vulnerability":"VCID-74c9-hu6z-8kg4"},{"vulnerability":"VCID-7bth-46rq-d3h2"},{"vulnerability":"VCID-8q8c-3e7u-qbc5"},{"vulnerability":"VCID-8tk5-k5f1-g3fb"},{"vulnerability":"VCID-99y2-kk3y-dkdu"},{"vulnerability":"VCID-9rur-fz8a-p3d7"},{"vulnerability":"VCID-9xyc-3a83-jqap"},{"vulnerability":"VCID-awrq-9r93-vyhd"},{"vulnerability":"VCID-bxjq-2fp7-h7g4"},{"vulnerability":"VCID-c3qy-96ka-pucw"},{"vulnerability":"VCID-cphz-3xr3-z7be"},{"vulnerability":"VCID-czgs-upje-kffn"},{"vulnerability":"VCID-dap4-dpmg-wbad"},{"vulnerability":"VCID-dt1c-w14g-2fbd"},{"vulnerability":"VCID-f269-zjt1-7ke4"},{"vulnerability":"VCID-f8ne-yqzk-jbds"},{"vulnerability":"VCID-fr29-5pgc-nkgp"},{"vulnerability":"VCID-hn9b-5btp-v3fn"},{"vulnerability":"VCID-jjcq-qzpr-r3g9"},{"vulnerability":"VCID-jvtf-mg1j-a3ab"},{"vulnerability":"VCID-m5jb-76rf-d7fx"},{"vulnerability":"VCID-mbz3-479y-ruey"},{"vulnerability":"VCID-mgjy-sbfz-1ueu"},{"vulnerability":"VCID-mu17-2uxr-4kd5"},{"vulnerability":"VCID-n1sw-988x-dqh2"},{"vulnerability":"VCID-npzg-ew7t-zff1"},{"vulnerability":"VCID-nt3f-snfk-vuh7"},{"vulnerability":"VCID-ptqm-vybp-xbdc"},{"vulnerability":"VCID-q8sq-kpxp-3bb4"},{"vulnerability":"VCID-qxj8-c1gm-f7ep"},{"vulnerability":"VCID-rrb9-d3a6-q3bz"},{"vulnerability":"VCID-s3gw-mg9k-mfg2"},{"vulnerability":"VCID-ssqj-d96y-y3hc"},{"vulnerability":"VCID-suth-x23g-rbdf"},{"vulnerability":"VCID-tdx3-4btg-j7ez"},{"vulnerability":"VCID-tqfw-77hy-ykg5"},{"vulnerability":"VCID-u477-kb4d-uuh7"},{"vulnerability":"VCID-va9j-s3bx-nycu"},{"vulnerability":"VCID-vaac-tnes-7ke6"},{"vulnerability":"VCID-vyhc-nkpu-a3dh"},{"vulnerability":"VCID-xkr7-rzu4-rfc1"},{"vulnerability":"VCID-y1dr-6adg-93ee"},{"vulnerability":"VCID-zby8-fvjf-afde"},{"vulnerability":"VCID-zgq8-wefp-j7ez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1119?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@5.5.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9rur-fz8a-p3d7"},{"vulnerability":"VCID-m5jb-76rf-d7fx"},{"vulnerability":"VCID-mgjy-sbfz-1ueu"},{"vulnerability":"VCID-ssqj-d96y-y3hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.28"},{"url":"http://public2.vulnerablecode.io/api/packages/1031?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@6.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ckp-gbvu-2bdy"},{"vulnerability":"VCID-1xhq-fftg-ufd2"},{"vulnerability":"VCID-3evg-7vy4-47a4"},{"vulnerability":"VCID-3p2v-jj5g-qbbp"},{"vulnerability":"VCID-3urp-gu8z-fke3"},{"vulnerability":"VCID-46g2-sepj-guhe"},{"vulnerability":"VCID-4y66-yu6h-a3cy"},{"vulnerability":"VCID-62hn-sj8p-9fgs"},{"vulnerability":"VCID-6tzd-v653-9bdq"},{"vulnerability":"VCID-74c9-hu6z-8kg4"},{"vulnerability":"VCID-7bth-46rq-d3h2"},{"vulnerability":"VCID-8q8c-3e7u-qbc5"},{"vulnerability":"VCID-8tk5-k5f1-g3fb"},{"vulnerability":"VCID-9a2q-ujcy-u3dx"},{"vulnerability":"VCID-9rur-fz8a-p3d7"},{"vulnerability":"VCID-a4k2-q92y-7khb"},{"vulnerability":"VCID-awrq-9r93-vyhd"},{"vulnerability":"VCID-bwn2-ebxb-xqbm"},{"vulnerability":"VCID-bxjq-2fp7-h7g4"},{"vulnerability":"VCID-c3qy-96ka-pucw"},{"vulnerability":"VCID-cphz-3xr3-z7be"},{"vulnerability":"VCID-cpun-p57h-2fc7"},{"vulnerability":"VCID-czgs-upje-kffn"},{"vulnerability":"VCID-dap4-dpmg-wbad"},{"vulnerability":"VCID-dt1c-w14g-2fbd"},{"vulnerability":"VCID-f269-zjt1-7ke4"},{"vulnerability":"VCID-f6dc-5wps-z3ax"},{"vulnerability":"VCID-f8ne-yqzk-jbds"},{"vulnerability":"VCID-fje8-2ajy-kyb4"},{"vulnerability":"VCID-fy3t-qn64-bkhn"},{"vulnerability":"VCID-g2x3-6kx1-x7bg"},{"vulnerability":"VCID-hn9b-5btp-v3fn"},{"vulnerability":"VCID-jjcq-qzpr-r3g9"},{"vulnerability":"VCID-jvtf-mg1j-a3ab"},{"vulnerability":"VCID-kv5j-8eqv-7bhy"},{"vulnerability":"VCID-m5jb-76rf-d7fx"},{"vulnerability":"VCID-m7b3-kxzn-t7hj"},{"vulnerability":"VCID-mbz3-479y-ruey"},{"vulnerability":"VCID-mgjy-sbfz-1ueu"},{"vulnerability":"VCID-mu17-2uxr-4kd5"},{"vulnerability":"VCID-ncxb-rxhz-u3eu"},{"vulnerability":"VCID-npzg-ew7t-zff1"},{"vulnerability":"VCID-nt3f-snfk-vuh7"},{"vulnerability":"VCID-ptqm-vybp-xbdc"},{"vulnerability":"VCID-q1pv-h34q-7ufy"},{"vulnerability":"VCID-q8sq-kpxp-3bb4"},{"vulnerability":"VCID-qham-w946-67h8"},{"vulnerability":"VCID-qxj8-c1gm-f7ep"},{"vulnerability":"VCID-r94g-m96h-k3e6"},{"vulnerability":"VCID-rfbc-9e8h-gfhr"},{"vulnerability":"VCID-rrb9-d3a6-q3bz"},{"vulnerability":"VCID-s3gw-mg9k-mfg2"},{"vulnerability":"VCID-s4fd-atmc-qkcz"},{"vulnerability":"VCID-snut-ece8-sbfv"},{"vulnerability":"VCID-ssqj-d96y-y3hc"},{"vulnerability":"VCID-suth-x23g-rbdf"},{"vulnerability":"VCID-swxs-3ua6-3yfn"},{"vulnerability":"VCID-tdx3-4btg-j7ez"},{"vulnerability":"VCID-tqfw-77hy-ykg5"},{"vulnerability":"VCID-u477-kb4d-uuh7"},{"vulnerability":"VCID-uuw9-dvzz-mqgj"},{"vulnerability":"VCID-va9j-s3bx-nycu"},{"vulnerability":"VCID-vupj-tk3j-vfdf"},{"vulnerability":"VCID-vvzb-u4yd-fueg"},{"vulnerability":"VCID-vyf9-rzw1-sffy"},{"vulnerability":"VCID-vyhc-nkpu-a3dh"},{"vulnerability":"VCID-wkxm-2pd8-vqg9"},{"vulnerability":"VCID-wu55-n9ff-sbbf"},{"vulnerability":"VCID-x78g-4vth-xyde"},{"vulnerability":"VCID-xjen-b9ss-33by"},{"vulnerability":"VCID-xkr7-rzu4-rfc1"},{"vulnerability":"VCID-y1dr-6adg-93ee"},{"vulnerability":"VCID-y97x-xaq8-h3bu"},{"vulnerability":"VCID-yqd8-3j9e-cken"},{"vulnerability":"VCID-zby8-fvjf-afde"},{"vulnerability":"VCID-znw1-bajd-7yfp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1078?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9rur-fz8a-p3d7"},{"vulnerability":"VCID-m5jb-76rf-d7fx"},{"vulnerability":"VCID-mgjy-sbfz-1ueu"},{"vulnerability":"VCID-ssqj-d96y-y3hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.20"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3548","reference_id":"","reference_type":"","scores":[{"value":"0.86896","scoring_system":"epss","scoring_elements":"0.9945","published_at":"2026-06-11T12:55:00Z"},{"value":"0.86896","scoring_system":"epss","scoring_elements":"0.99452","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3548"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=881771","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=881771"},{"reference_url":"https://svn.apache.org/viewvc?view=rev&rev=919006","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=rev&rev=919006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548","reference_id":"CVE-2009-3548","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31433.rb","reference_id":"CVE-2009-3548;OSVDB-60176","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31433.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16317.rb","reference_id":"CVE-2010-4094;CVE-2010-0557;CVE-2009-4189;CVE-2009-4188;CVE-2009-3843;CVE-2009-3548;OSVDB-60670;OSVDB-60317;OSVDB-60176","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16317.rb"},{"reference_url":"http://www.zerodayinitiative.com/advisories/ZDI-10-214/","reference_id":"CVE-2010-4094;CVE-2010-0557;CVE-2009-4189;CVE-2009-4188;CVE-2009-3843;CVE-2009-3548;OSVDB-60670;OSVDB-60317;OSVDB-60176","reference_type":"exploit","scores":[],"url":"http://www.zerodayinitiative.com/advisories/ZDI-10-214/"}],"weaknesses":[],"exploits":[{"date_added":"2014-02-05","description":"Apache Tomcat Manager - Application Upload (Authenticated) Code Execution (Metasploit)","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2014-02-05","exploit_type":"remote","platform":"multiple","source_date_updated":"2014-02-05","data_source":"Exploit-DB","source_url":""},{"date_added":null,"description":"This module can be used to execute a payload on Apache Tomcat servers that\n          have an exposed \"manager\" application. The payload is uploaded as a WAR archive\n          containing a jsp application using a POST request against the /manager/html/upload\n          component.\n\n          NOTE: The compatible payload sets vary based on the selected target. For\n          example, you must select the Windows target to use native Windows payloads.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2009-11-09","exploit_type":null,"platform":"Java,Linux,Windows","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/tomcat_mgr_upload.rb"}],"severity_range_score":"0.1 - 3","exploitability":"2.0","weighted_severity":"2.7","risk_score":5.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5jb-76rf-d7fx"}