VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-a1en-zn2z-aaab

Essentials
Severities (126)
References (36)
Severity details (37)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-a1en-zn2z-aaab
Aliases	CVE-2021-43980 GHSA-jx7c-7mj5-9438
Summary	Apache Tomcat Race Condition vulnerability
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	3.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00149	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00149	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00149	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00149	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00162	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
epss	0.00551	https://api.first.org/data/v1/epss?cve=CVE-2021-43980
apache_tomcat	High	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-jx7c-7mj5-9438
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-jx7c-7mj5-9438
cvssv3.1	7.5	https://github.com/apache/tomcat
generic_textual	HIGH	https://github.com/apache/tomcat
cvssv3.1	3.7	https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1
generic_textual	LOW	https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1
cvssv3.1	3.7	https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13
generic_textual	LOW	https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13
cvssv3.1	3.7	https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb
generic_textual	LOW	https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb
cvssv3.1	3.7	https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc
generic_textual	LOW	https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc
cvssv3.1	3.7	https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
generic_textual	LOW	https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
ssvc	Track	https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
cvssv3.1	3.7	https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
cvssv3	3.7	https://nvd.nist.gov/vuln/detail/CVE-2021-43980
cvssv3.1	3.7	https://nvd.nist.gov/vuln/detail/CVE-2021-43980
cvssv3.1	7.5	https://tomcat.apache.org/security-10.html
generic_textual	HIGH	https://tomcat.apache.org/security-10.html
cvssv3.1	5.3	https://tomcat.apache.org/security-8.html
generic_textual	MODERATE	https://tomcat.apache.org/security-8.html
cvssv3.1	7.5	https://tomcat.apache.org/security-9.html
generic_textual	HIGH	https://tomcat.apache.org/security-9.html
cvssv3.1	3.7	https://www.debian.org/security/2022/dsa-5265
cvssv3.1	7.5	https://www.debian.org/security/2022/dsa-5265
generic_textual	HIGH	https://www.debian.org/security/2022/dsa-5265
ssvc	Track	https://www.debian.org/security/2022/dsa-5265
cvssv3.1	3.7	http://www.openwall.com/lists/oss-security/2022/09/28/1
generic_textual	LOW	http://www.openwall.com/lists/oss-security/2022/09/28/1
ssvc	Track	http://www.openwall.com/lists/oss-security/2022/09/28/1

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-43980
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1
		https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13
		https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb
		https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc
		https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
		https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
		https://tomcat.apache.org/security-10.html
		https://tomcat.apache.org/security-8.html
		https://tomcat.apache.org/security-9.html
		https://www.debian.org/security/2022/dsa-5265
		http://www.openwall.com/lists/oss-security/2022/09/28/1
2130599		https://bugzilla.redhat.com/show_bug.cgi?id=2130599
cpe:2.3:a:apache:tomcat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat::::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone1::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone10::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone10::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone11::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone11::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone12::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone12::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone2::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone3::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone4::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone5::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone6::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone7::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone8::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone8::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone9::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
CVE-2021-43980		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43980
CVE-2021-43980		https://nvd.nist.gov/vuln/detail/CVE-2021-43980
GHSA-jx7c-7mj5-9438		https://github.com/advisories/GHSA-jx7c-7mj5-9438
RHSA-2022:7272		https://access.redhat.com/errata/RHSA-2022:7272
RHSA-2022:7273		https://access.redhat.com/errata/RHSA-2022:7273

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43980.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/17f177eeb7df5938f67ef9ea580411b120195f13

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/9651b83a1d04583791525e5f0c4c9089f678d9fc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/ Found at https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/ Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43980

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43980

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-10.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://tomcat.apache.org/security-8.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-9.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://www.debian.org/security/2022/dsa-5265

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2022/dsa-5265

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/ Found at https://www.debian.org/security/2022/dsa-5265

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2022/09/28/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T14:59:33Z/ Found at http://www.openwall.com/lists/oss-security/2022/09/28/1

Exploit Prediction Scoring System (EPSS)

Percentile	0.22393
EPSS Score	0.00087
Published At	April 13, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.