Vulnerability details: VCID-pqmr-zjbb-8fhv
Vulnerability ID VCID-pqmr-zjbb-8fhv
Aliases CVE-2023-24998
GHSA-hfrx-6qgj-fp6c
Summary Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24998.json
epss 0.31463 https://api.first.org/data/v1/epss?cve=CVE-2023-24998
epss 0.37761 https://api.first.org/data/v1/epss?cve=CVE-2023-24998
epss 0.41119 https://api.first.org/data/v1/epss?cve=CVE-2023-24998
cvssv3.1 7.5 https://commons.apache.org/proper/commons-fileupload/security-reports.html
generic_textual HIGH https://commons.apache.org/proper/commons-fileupload/security-reports.html
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-hfrx-6qgj-fp6c
cvssv3.1 7.5 https://github.com/apache/commons-fileupload
generic_textual HIGH https://github.com/apache/commons-fileupload
cvssv3.1 7.5 https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
generic_textual HIGH https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce
generic_textual HIGH https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e
generic_textual HIGH https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74
generic_textual HIGH https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
generic_textual HIGH https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
cvssv3.1 7.5 https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
generic_textual HIGH https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
cvssv3.1 7.5 https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
generic_textual HIGH https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-24998
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-24998
archlinux Medium https://security.archlinux.org/AVG-2829
archlinux Medium https://security.archlinux.org/AVG-2830
archlinux Medium https://security.archlinux.org/AVG-2831
cvssv3.1 7.5 https://security.gentoo.org/glsa/202305-37
generic_textual HIGH https://security.gentoo.org/glsa/202305-37
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20230302-0013
generic_textual HIGH https://security.netapp.com/advisory/ntap-20230302-0013
cvssv3.1 7.5 https://tomcat.apache.org/security-10.html
generic_textual HIGH https://tomcat.apache.org/security-10.html
cvssv3.1 7.5 https://tomcat.apache.org/security-11.html
generic_textual HIGH https://tomcat.apache.org/security-11.html
cvssv3.1 7.5 https://tomcat.apache.org/security-8.html
generic_textual HIGH https://tomcat.apache.org/security-8.html
cvssv3.1 7.5 https://tomcat.apache.org/security-9.html
generic_textual HIGH https://tomcat.apache.org/security-9.html
cvssv3.1 7.5 https://www.debian.org/security/2023/dsa-5522
generic_textual HIGH https://www.debian.org/security/2023/dsa-5522
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2023/05/22/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/05/22/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24998.json
https://api.first.org/data/v1/epss?cve=CVE-2023-24998
https://commons.apache.org/proper/commons-fileupload/security-reports.html
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/commons-fileupload
https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
https://github.com/apache/tomcat/commit/063e2e81ede50c287f737cc8e2915ce7217e886e
https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce
https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e
https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74
https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
https://nvd.nist.gov/vuln/detail/CVE-2023-24998
https://security.gentoo.org/glsa/202305-37
https://security.netapp.com/advisory/ntap-20230302-0013
https://security.netapp.com/advisory/ntap-20230302-0013/
https://tomcat.apache.org/security-10.html
https://tomcat.apache.org/security-11.html
https://tomcat.apache.org/security-8.html
https://tomcat.apache.org/security-9.html
https://www.debian.org/security/2023/dsa-5522
http://www.openwall.com/lists/oss-security/2023/05/22/1
1031733 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031733
2172298 https://bugzilla.redhat.com/show_bug.cgi?id=2172298
AVG-2829 https://security.archlinux.org/AVG-2829
AVG-2830 https://security.archlinux.org/AVG-2830
AVG-2831 https://security.archlinux.org/AVG-2831
cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2023-24998 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
GHSA-hfrx-6qgj-fp6c https://github.com/advisories/GHSA-hfrx-6qgj-fp6c
RHSA-2023:2100 https://access.redhat.com/errata/RHSA-2023:2100
RHSA-2023:3299 https://access.redhat.com/errata/RHSA-2023:3299
RHSA-2023:4909 https://access.redhat.com/errata/RHSA-2023:4909
RHSA-2023:4910 https://access.redhat.com/errata/RHSA-2023:4910
RHSA-2023:4983 https://access.redhat.com/errata/RHSA-2023:4983
RHSA-2023:6570 https://access.redhat.com/errata/RHSA-2023:6570
RHSA-2023:7065 https://access.redhat.com/errata/RHSA-2023:7065
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24998.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://commons.apache.org/proper/commons-fileupload/security-reports.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/commons-fileupload
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-24998
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202305-37
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230302-0013
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-10.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-11.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-8.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-9.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2023/dsa-5522
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2023/05/22/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.96634
EPSS Score 0.31463
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:03:16.673943+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-11.html 37.0.0