Vulnerability details: VCID-r78u-gre6-aaaj
Vulnerability ID VCID-r78u-gre6-aaaj
Aliases CVE-2023-45648
GHSA-r6j3-px5g-cq3x
Summary Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:7247
ssvc Track https://access.redhat.com/errata/RHSA-2023:7247
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-45648
epss 0.00382 https://api.first.org/data/v1/epss?cve=CVE-2023-45648
epss 0.00447 https://api.first.org/data/v1/epss?cve=CVE-2023-45648
epss 0.00694 https://api.first.org/data/v1/epss?cve=CVE-2023-45648
epss 0.00732 https://api.first.org/data/v1/epss?cve=CVE-2023-45648
epss 0.00753 https://api.first.org/data/v1/epss?cve=CVE-2023-45648
epss 0.04605 https://api.first.org/data/v1/epss?cve=CVE-2023-45648
epss 0.09311 https://api.first.org/data/v1/epss?cve=CVE-2023-45648
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r6j3-px5g-cq3x
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0
generic_textual MODERATE https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4
generic_textual MODERATE https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6
generic_textual MODERATE https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6
cvssv3.1 5.3 https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6
generic_textual MODERATE https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6
cvssv3.1 5.3 https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
generic_textual MODERATE https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
ssvc Track https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
cvssv3.1 5.3 https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-45648
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-45648
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20231103-0007
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20231103-0007
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20231103-0007/
ssvc Track https://security.netapp.com/advisory/ntap-20231103-0007/
cvssv3.1 5.3 https://www.debian.org/security/2023/dsa-5521
generic_textual MODERATE https://www.debian.org/security/2023/dsa-5521
ssvc Track https://www.debian.org/security/2023/dsa-5521
cvssv3.1 5.3 https://www.debian.org/security/2023/dsa-5522
generic_textual MODERATE https://www.debian.org/security/2023/dsa-5522
ssvc Track https://www.debian.org/security/2023/dsa-5522
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2023/10/10/10
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2023/10/10/10
ssvc Track http://www.openwall.com/lists/oss-security/2023/10/10/10
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json
https://api.first.org/data/v1/epss?cve=CVE-2023-45648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0
https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4
https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6
https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6
https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
https://security.netapp.com/advisory/ntap-20231103-0007
https://security.netapp.com/advisory/ntap-20231103-0007/
https://www.debian.org/security/2023/dsa-5521
https://www.debian.org/security/2023/dsa-5522
http://www.openwall.com/lists/oss-security/2023/10/10/10
2243749 https://bugzilla.redhat.com/show_bug.cgi?id=2243749
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-45648 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648
CVE-2023-45648 https://nvd.nist.gov/vuln/detail/CVE-2023-45648
GHSA-r6j3-px5g-cq3x https://github.com/advisories/GHSA-r6j3-px5g-cq3x
RHSA-2023:6206 https://access.redhat.com/errata/RHSA-2023:6206
RHSA-2023:6207 https://access.redhat.com/errata/RHSA-2023:6207
RHSA-2023:7247 https://access.redhat.com/errata/RHSA-2023:7247
RHSA-2024:0125 https://access.redhat.com/errata/RHSA-2024:0125
RHSA-2024:0474 https://access.redhat.com/errata/RHSA-2024:0474
RHSA-2024:4631 https://access.redhat.com/errata/RHSA-2024:4631
USN-7106-1 https://usn.ubuntu.com/7106-1/
USN-7562-1 https://usn.ubuntu.com/7562-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:7247
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/ Found at https://access.redhat.com/errata/RHSA-2023:7247
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45648.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/ Found at https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/ Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45648
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20231103-0007
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20231103-0007/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/ Found at https://security.netapp.com/advisory/ntap-20231103-0007/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5521
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/ Found at https://www.debian.org/security/2023/dsa-5521
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5522
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/ Found at https://www.debian.org/security/2023/dsa-5522
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2023/10/10/10
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:59:12Z/ Found at http://www.openwall.com/lists/oss-security/2023/10/10/10
Exploit Prediction Scoring System (EPSS)
Percentile 0.68338
EPSS Score 0.00269
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.