Search for vulnerabilities
Vulnerability details: VCID-en12-rf3h-aaah
Vulnerability ID VCID-en12-rf3h-aaah
Aliases CVE-2015-5345
GHSA-rh8q-vjgf-gf74
Summary The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-552 Files or Directories Accessible to External Parties
System Score Found at
cvssv3.1 6.3 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
cvssv3.1 6.3 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
cvssv3.1 4.3 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
cvssv3.1 6.3 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
cvssv3.1 4.3 http://marc.info/?l=bugtraq&m=145974991225029&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=145974991225029&w=2
cvssv3.1 5.3 http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
generic_textual MODERATE http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5345.html
cvssv3.1 6.3 http://rhn.redhat.com/errata/RHSA-2016-1089.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-1089.html
cvssv3.1 4.3 http://rhn.redhat.com/errata/RHSA-2016-2045.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-2045.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2016-2599.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2016-2599.html
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1087
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1088
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1089
rhas Important https://access.redhat.com/errata/RHSA-2016:2045
rhas Moderate https://access.redhat.com/errata/RHSA-2016:2599
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5345.json
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.00520 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.22559 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.22559 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.22559 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.33648 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.33648 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.33648 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.36609 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.39867 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.39867 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.39867 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.46192 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.46192 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.46192 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.46192 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.46192 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.46192 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.46192 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.46192 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.46192 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.49424 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
epss 0.64477 https://api.first.org/data/v1/epss?cve=CVE-2015-5345
cvssv3.1 6.3 https://bto.bluecoat.com/security-advisory/sa118
generic_textual MODERATE https://bto.bluecoat.com/security-advisory/sa118
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1311089
cvssv3.1 5.3 https://bz.apache.org/bugzilla/show_bug.cgi?id=58765
generic_textual MODERATE https://bz.apache.org/bugzilla/show_bug.cgi?id=58765
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
cvssv3.1 5.3 http://seclists.org/bugtraq/2016/Feb/146
generic_textual MODERATE http://seclists.org/bugtraq/2016/Feb/146
cvssv3.1 5.3 http://seclists.org/fulldisclosure/2016/Feb/122
generic_textual MODERATE http://seclists.org/fulldisclosure/2016/Feb/122
cvssv2 5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-rh8q-vjgf-gf74
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
cvssv3.1 5.3 https://github.com/apache/tomcat80/commit/2b643a4e36d318d55ec57fee57610671656d23c0
generic_textual MODERATE https://github.com/apache/tomcat80/commit/2b643a4e36d318d55ec57fee57610671656d23c0
cvssv3.1 5.3 https://github.com/apache/tomcat80/commit/c15c2aba8eb42425f9ebcfcaef579dada38ad3a2
generic_textual MODERATE https://github.com/apache/tomcat80/commit/c15c2aba8eb42425f9ebcfcaef579dada38ad3a2
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/127d8ea86d245846f0472865f0eb1eb111955e71
generic_textual MODERATE https://github.com/apache/tomcat/commit/127d8ea86d245846f0472865f0eb1eb111955e71
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/58c09b6217c546e1a251a82da227018f05277228
generic_textual MODERATE https://github.com/apache/tomcat/commit/58c09b6217c546e1a251a82da227018f05277228
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/66daa4adc14b3e939659879153c0a579fdfcb099
generic_textual MODERATE https://github.com/apache/tomcat/commit/66daa4adc14b3e939659879153c0a579fdfcb099
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/7288bc70a14edcfeff0a96e333a858be374cfc64
generic_textual MODERATE https://github.com/apache/tomcat/commit/7288bc70a14edcfeff0a96e333a858be374cfc64
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/816552abf6735fa37dfd37c8a7bfbdbd045477e0
generic_textual MODERATE https://github.com/apache/tomcat/commit/816552abf6735fa37dfd37c8a7bfbdbd045477e0
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/8437193708e4bf6b2861a7953dc472f9dad49111
generic_textual MODERATE https://github.com/apache/tomcat/commit/8437193708e4bf6b2861a7953dc472f9dad49111
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/89cd0cf33a99dbbcf5c69050a83b6876e39269d7
generic_textual MODERATE https://github.com/apache/tomcat/commit/89cd0cf33a99dbbcf5c69050a83b6876e39269d7
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/a273b5f45cb46a273d06510a689fc314155a952d
generic_textual MODERATE https://github.com/apache/tomcat/commit/a273b5f45cb46a273d06510a689fc314155a952d
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/c584c7c4ab0686e4125eefcd0afb32fb8269da3d
generic_textual MODERATE https://github.com/apache/tomcat/commit/c584c7c4ab0686e4125eefcd0afb32fb8269da3d
cvssv3.1 4.3 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
generic_textual MODERATE https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
cvssv3.1 6.3 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
generic_textual MODERATE https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
cvssv3.1 6.3 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
generic_textual MODERATE https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
cvssv3.1 5.3 https://kc.mcafee.com/corporate/index?page=content&id=SB10156
generic_textual MODERATE https://kc.mcafee.com/corporate/index?page=content&id=SB10156
cvssv3.1 7.5 https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
cvssv3.1 8.1 https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2015-5345
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2015-5345
cvssv3.1 9.8 https://security.gentoo.org/glsa/201705-09
generic_textual CRITICAL https://security.gentoo.org/glsa/201705-09
cvssv3.1 6.3 https://security.netapp.com/advisory/ntap-20180531-0001
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20180531-0001
generic_textual Medium https://ubuntu.com/security/notices/USN-3024-1
cvssv3.1 5.3 http://svn.apache.org/viewvc?view=revision&revision=1715206
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1715206
cvssv3.1 5.3 http://svn.apache.org/viewvc?view=revision&revision=1715207
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1715207
cvssv3.1 5.3 http://svn.apache.org/viewvc?view=revision&revision=1715213
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1715213
cvssv3.1 5.3 http://svn.apache.org/viewvc?view=revision&revision=1715216
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1715216
cvssv3.1 5.3 http://svn.apache.org/viewvc?view=revision&revision=1716882
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1716882
cvssv3.1 5.3 http://svn.apache.org/viewvc?view=revision&revision=1716894
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1716894
cvssv3.1 5.3 http://svn.apache.org/viewvc?view=revision&revision=1717209
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1717209
cvssv3.1 5.3 http://svn.apache.org/viewvc?view=revision&revision=1717212
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1717212
cvssv3.1 5.3 http://svn.apache.org/viewvc?view=revision&revision=1717216
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1717216
cvssv3.1 5.3 https://web.archive.org/web/20160321235514/http://www.securitytracker.com/id/1035071
generic_textual MODERATE https://web.archive.org/web/20160321235514/http://www.securitytracker.com/id/1035071
cvssv3.1 5.3 https://web.archive.org/web/20160804024910/http://www.securityfocus.com/bid/83328
generic_textual MODERATE https://web.archive.org/web/20160804024910/http://www.securityfocus.com/bid/83328
cvssv3.1 9.8 http://tomcat.apache.org/security-6.html
generic_textual CRITICAL http://tomcat.apache.org/security-6.html
cvssv3.1 9.8 http://tomcat.apache.org/security-7.html
generic_textual CRITICAL http://tomcat.apache.org/security-7.html
cvssv3.1 9.8 http://tomcat.apache.org/security-8.html
generic_textual CRITICAL http://tomcat.apache.org/security-8.html
cvssv3.1 9.8 http://tomcat.apache.org/security-9.html
generic_textual CRITICAL http://tomcat.apache.org/security-9.html
cvssv3.1 6.3 http://www.debian.org/security/2016/dsa-3530
generic_textual MODERATE http://www.debian.org/security/2016/dsa-3530
cvssv3.1 6.3 http://www.debian.org/security/2016/dsa-3552
generic_textual MODERATE http://www.debian.org/security/2016/dsa-3552
cvssv3.1 7.5 http://www.debian.org/security/2016/dsa-3609
generic_textual HIGH http://www.debian.org/security/2016/dsa-3609
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
cvssv3.1 5.3 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
cvssv3.1 7.5 http://www.ubuntu.com/usn/USN-3024-1
generic_textual HIGH http://www.ubuntu.com/usn/USN-3024-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5345.html
http://rhn.redhat.com/errata/RHSA-2016-1089.html
http://rhn.redhat.com/errata/RHSA-2016-2045.html
http://rhn.redhat.com/errata/RHSA-2016-2599.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5345.json
https://api.first.org/data/v1/epss?cve=CVE-2015-5345
https://bto.bluecoat.com/security-advisory/sa118
https://bz.apache.org/bugzilla/show_bug.cgi?id=58765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
http://seclists.org/bugtraq/2016/Feb/146
http://seclists.org/fulldisclosure/2016/Feb/122
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat70/commit/7288bc70a14edcfeff0a96e333a858be374cfc64
https://github.com/apache/tomcat70/commit/a273b5f45cb46a273d06510a689fc314155a952d
https://github.com/apache/tomcat80/commit/2b643a4e36d318d55ec57fee57610671656d23c0
https://github.com/apache/tomcat80/commit/c15c2aba8eb42425f9ebcfcaef579dada38ad3a2
https://github.com/apache/tomcat/commit/127d8ea86d245846f0472865f0eb1eb111955e71
https://github.com/apache/tomcat/commit/58c09b6217c546e1a251a82da227018f05277228
https://github.com/apache/tomcat/commit/66daa4adc14b3e939659879153c0a579fdfcb099
https://github.com/apache/tomcat/commit/7288bc70a14edcfeff0a96e333a858be374cfc64
https://github.com/apache/tomcat/commit/816552abf6735fa37dfd37c8a7bfbdbd045477e0
https://github.com/apache/tomcat/commit/8437193708e4bf6b2861a7953dc472f9dad49111
https://github.com/apache/tomcat/commit/89cd0cf33a99dbbcf5c69050a83b6876e39269d7
https://github.com/apache/tomcat/commit/a273b5f45cb46a273d06510a689fc314155a952d
https://github.com/apache/tomcat/commit/c584c7c4ab0686e4125eefcd0afb32fb8269da3d
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
https://kc.mcafee.com/corporate/index?page=content&id=SB10156
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://security.gentoo.org/glsa/201705-09
https://security.netapp.com/advisory/ntap-20180531-0001
https://security.netapp.com/advisory/ntap-20180531-0001/
https://svn.apache.org/viewvc?view=rev&rev=1715206
https://svn.apache.org/viewvc?view=rev&rev=1715207
https://svn.apache.org/viewvc?view=rev&rev=1715213
https://svn.apache.org/viewvc?view=rev&rev=1715216
https://svn.apache.org/viewvc?view=rev&rev=1716860
https://svn.apache.org/viewvc?view=rev&rev=1716882
https://svn.apache.org/viewvc?view=rev&rev=1716894
https://svn.apache.org/viewvc?view=rev&rev=1717209
https://svn.apache.org/viewvc?view=rev&rev=1717212
https://svn.apache.org/viewvc?view=rev&rev=1717216
https://ubuntu.com/security/notices/USN-3024-1
http://svn.apache.org/viewvc?view=revision&revision=1715206
http://svn.apache.org/viewvc?view=revision&revision=1715207
http://svn.apache.org/viewvc?view=revision&revision=1715213
http://svn.apache.org/viewvc?view=revision&revision=1715216
http://svn.apache.org/viewvc?view=revision&revision=1716882
http://svn.apache.org/viewvc?view=revision&revision=1716894
http://svn.apache.org/viewvc?view=revision&revision=1717209
http://svn.apache.org/viewvc?view=revision&revision=1717212
http://svn.apache.org/viewvc?view=revision&revision=1717216
https://web.archive.org/web/20160321235514/http://www.securitytracker.com/id/1035071
https://web.archive.org/web/20160804024910/http://www.securityfocus.com/bid/83328
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-9.html
http://www.debian.org/security/2016/dsa-3530
http://www.debian.org/security/2016/dsa-3552
http://www.debian.org/security/2016/dsa-3609
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/83328
http://www.securitytracker.com/id/1035071
http://www.ubuntu.com/usn/USN-3024-1
1311089 https://bugzilla.redhat.com/show_bug.cgi?id=1311089
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2015-5345 https://nvd.nist.gov/vuln/detail/CVE-2015-5345
CVE-2015-5345-APACHE-TOMCAT-VULNERABILITY.HTML http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html
GHSA-rh8q-vjgf-gf74 https://github.com/advisories/GHSA-rh8q-vjgf-gf74
RHSA-2016:1087 https://access.redhat.com/errata/RHSA-2016:1087
RHSA-2016:1088 https://access.redhat.com/errata/RHSA-2016:1088
RHSA-2016:1089 https://access.redhat.com/errata/RHSA-2016:1089
RHSA-2016:2045 https://access.redhat.com/errata/RHSA-2016:2045
RHSA-2016:2599 https://access.redhat.com/errata/RHSA-2016:2599
USN-3024-1 https://usn.ubuntu.com/3024-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at http://marc.info/?l=bugtraq&m=145974991225029&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://rhn.redhat.com/errata/RHSA-2016-1089.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2045.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://rhn.redhat.com/errata/RHSA-2016-2599.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5345.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://bto.bluecoat.com/security-advisory/sa118
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bz.apache.org/bugzilla/show_bug.cgi?id=58765
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://seclists.org/bugtraq/2016/Feb/146
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://seclists.org/fulldisclosure/2016/Feb/122
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat80/commit/2b643a4e36d318d55ec57fee57610671656d23c0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat80/commit/c15c2aba8eb42425f9ebcfcaef579dada38ad3a2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/127d8ea86d245846f0472865f0eb1eb111955e71
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/58c09b6217c546e1a251a82da227018f05277228
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/66daa4adc14b3e939659879153c0a579fdfcb099
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/7288bc70a14edcfeff0a96e333a858be374cfc64
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/816552abf6735fa37dfd37c8a7bfbdbd045477e0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/8437193708e4bf6b2861a7953dc472f9dad49111
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/89cd0cf33a99dbbcf5c69050a83b6876e39269d7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/a273b5f45cb46a273d06510a689fc314155a952d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/tomcat/commit/c584c7c4ab0686e4125eefcd0afb32fb8269da3d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10156
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-5345
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-5345
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201705-09
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://security.netapp.com/advisory/ntap-20180531-0001
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://svn.apache.org/viewvc?view=revision&revision=1715206
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://svn.apache.org/viewvc?view=revision&revision=1715207
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://svn.apache.org/viewvc?view=revision&revision=1715213
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://svn.apache.org/viewvc?view=revision&revision=1715216
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://svn.apache.org/viewvc?view=revision&revision=1716882
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://svn.apache.org/viewvc?view=revision&revision=1716894
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://svn.apache.org/viewvc?view=revision&revision=1717209
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://svn.apache.org/viewvc?view=revision&revision=1717212
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://svn.apache.org/viewvc?view=revision&revision=1717216
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://web.archive.org/web/20160321235514/http://www.securitytracker.com/id/1035071
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://web.archive.org/web/20160804024910/http://www.securityfocus.com/bid/83328
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-6.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-7.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-8.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-9.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://www.debian.org/security/2016/dsa-3530
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://www.debian.org/security/2016/dsa-3552
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.debian.org/security/2016/dsa-3609
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.ubuntu.com/usn/USN-3024-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.77268
EPSS Score 0.00520
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.