Search for vulnerabilities
Vulnerability details: VCID-ntxm-uwj5-aaae
Vulnerability ID VCID-ntxm-uwj5-aaae
Aliases CVE-2012-4431
GHSA-76vr-72mv-mf3q
Summary org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-264 Permissions, Privileges, and Access Controls
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=136612293908376&w=2
cvssv3.1 7.5 http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0267.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0268.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0647.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0648.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1437.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1853.html
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0265
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0266
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0267
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0268
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0647
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0648
rhas Important https://access.redhat.com/errata/RHSA-2013:0665
rhas Important https://access.redhat.com/errata/RHSA-2013:1437
rhas Moderate https://access.redhat.com/errata/RHSA-2013:1853
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.06324 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.09966 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.16411 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
epss 0.16411 https://api.first.org/data/v1/epss?cve=CVE-2012-4431
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=883636
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
generic_textual MODERATE http://secunia.com/advisories/57126
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-76vr-72mv-mf3q
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2012-4431
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18541
generic_textual MODERATE http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1393088&r2=1393087&pathrev=1393088
generic_textual MODERATE http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1393088&r2=1393087&pathrev=1393088
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1393088
cvssv3.1 9.8 http://tomcat.apache.org/security-6.html
generic_textual CRITICAL http://tomcat.apache.org/security-6.html
cvssv3.1 9.8 http://tomcat.apache.org/security-7.html
generic_textual CRITICAL http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://www.ubuntu.com/usn/USN-1685-1
Reference id Reference type URL
http://archives.neohapsis.com/archives/bugtraq/2012-12/0045.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html
http://marc.info/?l=bugtraq&m=136612293908376&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://rhn.redhat.com/errata/RHSA-2013-0267.html
http://rhn.redhat.com/errata/RHSA-2013-0268.html
http://rhn.redhat.com/errata/RHSA-2013-0647.html
http://rhn.redhat.com/errata/RHSA-2013-0648.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1853.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4431.json
https://api.first.org/data/v1/epss?cve=CVE-2012-4431
http://secunia.com/advisories/57126
https://github.com/apache/tomcat
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18541
https://svn.apache.org/viewvc?view=rev&rev=1393088
https://svn.apache.org/viewvc?view=rev&rev=1394456
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1393088&r2=1393087&pathrev=1393088
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1393088&r2=1393087&pathrev=1393088
http://svn.apache.org/viewvc?view=revision&revision=1393088
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/56814
http://www.securitytracker.com/id?1027834
http://www.ubuntu.com/usn/USN-1685-1
695250 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695250
883636 https://bugzilla.redhat.com/show_bug.cgi?id=883636
cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
CVE-2012-4431 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
CVE-2012-4431 https://nvd.nist.gov/vuln/detail/CVE-2012-4431
GHSA-76vr-72mv-mf3q https://github.com/advisories/GHSA-76vr-72mv-mf3q
GLSA-201412-29 https://security.gentoo.org/glsa/201412-29
RHSA-2013:0265 https://access.redhat.com/errata/RHSA-2013:0265
RHSA-2013:0266 https://access.redhat.com/errata/RHSA-2013:0266
RHSA-2013:0267 https://access.redhat.com/errata/RHSA-2013:0267
RHSA-2013:0268 https://access.redhat.com/errata/RHSA-2013:0268
RHSA-2013:0647 https://access.redhat.com/errata/RHSA-2013:0647
RHSA-2013:0648 https://access.redhat.com/errata/RHSA-2013:0648
RHSA-2013:0665 https://access.redhat.com/errata/RHSA-2013:0665
RHSA-2013:1437 https://access.redhat.com/errata/RHSA-2013:1437
RHSA-2013:1853 https://access.redhat.com/errata/RHSA-2013:1853
USN-1685-1 https://usn.ubuntu.com/1685-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://marc.info/?l=bugtraq&m=139344343412337&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-4431
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-6.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-7.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.46816
EPSS Score 0.00121
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.