Vulnerability details: VCID-7pd9-1r19-73fe
Vulnerability ID VCID-7pd9-1r19-73fe
Aliases CVE-2007-6286
GHSA-qrj4-rmqg-4hcp
Summary Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=139344343412337&w=2
epss 0.09459 https://api.first.org/data/v1/epss?cve=CVE-2007-6286
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-qrj4-rmqg-4hcp
generic_textual MODERATE https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2007-6286
generic_textual MODERATE http://support.apple.com/kb/HT3216
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
generic_textual MODERATE http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-6.html
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.92785
EPSS Score 0.09459
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:17.760562+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-6.html 38.0.0