VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
epss	0.01735	https://api.first.org/data/v1/epss?cve=CVE-2010-4312
epss	0.01735	https://api.first.org/data/v1/epss?cve=CVE-2010-4312
epss	0.01735	https://api.first.org/data/v1/epss?cve=CVE-2010-4312
epss	0.01735	https://api.first.org/data/v1/epss?cve=CVE-2010-4312
epss	0.01735	https://api.first.org/data/v1/epss?cve=CVE-2010-4312
epss	0.01735	https://api.first.org/data/v1/epss?cve=CVE-2010-4312
epss	0.01735	https://api.first.org/data/v1/epss?cve=CVE-2010-4312
epss	0.01735	https://api.first.org/data/v1/epss?cve=CVE-2010-4312
epss	0.01735	https://api.first.org/data/v1/epss?cve=CVE-2010-4312
generic_textual	MODERATE	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608286
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-pvjh-7h8q-q56r
generic_textual	MODERATE	https://github.com/apache/tomcat
generic_textual	MODERATE	https://launchpad.net/bugs/cve/CVE-2010-4312
cvssv2	6.4	https://nvd.nist.gov/vuln/detail/CVE-2010-4312
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2010-4312
generic_textual	MODERATE	https://security-tracker.debian.org/tracker/CVE-2010-4312
generic_textual	MODERATE	https://ubuntu.com/security/CVE-2010-4312

System

Score

Found at

epss

0.01735

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

epss

0.01735

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

epss

0.01735

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

epss

0.01735

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

epss

0.01735

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

epss

0.01735

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

epss

0.01735

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

epss

0.01735

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

epss

0.01735

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

generic_textual

MODERATE

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608286

cvssv3.1_qr

MODERATE

https://github.com/advisories/GHSA-pvjh-7h8q-q56r

generic_textual

MODERATE

https://github.com/apache/tomcat

generic_textual

MODERATE

https://launchpad.net/bugs/cve/CVE-2010-4312

cvssv2

6.4

https://nvd.nist.gov/vuln/detail/CVE-2010-4312

generic_textual

MODERATE

https://nvd.nist.gov/vuln/detail/CVE-2010-4312

generic_textual

MODERATE

https://security-tracker.debian.org/tracker/CVE-2010-4312

generic_textual

MODERATE

https://ubuntu.com/security/CVE-2010-4312

Reference id

Reference type

URL

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4312.json

https://api.first.org/data/v1/epss?cve=CVE-2010-4312

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608286

https://github.com/apache/tomcat

http://www.securityfocus.com/archive/1/514866/100/0/threaded

658267

https://bugzilla.redhat.com/show_bug.cgi?id=658267

cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*

CVE-2010-4312

https://launchpad.net/bugs/cve/CVE-2010-4312

CVE-2010-4312

https://nvd.nist.gov/vuln/detail/CVE-2010-4312

CVE-2010-4312

https://security-tracker.debian.org/tracker/CVE-2010-4312

CVE-2010-4312

https://ubuntu.com/security/CVE-2010-4312

GHSA-pvjh-7h8q-q56r

https://github.com/advisories/GHSA-pvjh-7h8q-q56r

GLSA-201206-24

https://security.gentoo.org/glsa/201206-24

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:50:36.091402+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2010-4312.yml	38.0.0

2026-04-01T12:50:36.091402+00:00

GitLab Importer

Import

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2010-4312.yml

38.0.0

Vulnerability ID	VCID-jtg7-217a-qqhk
Aliases	CVE-2010-4312 GHSA-pvjh-7h8q-q56r
Summary	Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-16	Configuration
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1004	Sensitive Cookie Without 'HttpOnly' Flag

Percentile	0.82398
EPSS Score	0.01735
Published At	April 1, 2026, 12:55 p.m.