Vulnerability details: VCID-yu9v-1yu4-rqaa
System Score Found at
epss 0.22781 https://api.first.org/data/v1/epss?cve=CVE-2010-4172
epss 0.24431 https://api.first.org/data/v1/epss?cve=CVE-2010-4172
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=656246
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172
apache_tomcat Moderate https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-c78g-qwpw-2jgv
generic_textual MODERATE https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/5971f9392edc6d70808b2599b062b050fcd11d23
generic_textual MODERATE https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
generic_textual MODERATE https://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2010-4172
generic_textual MODERATE https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.5
generic_textual MODERATE https://www.redhat.com/support/errata/RHSA-2011-0896.html
generic_textual MODERATE https://www.redhat.com/support/errata/RHSA-2011-0897.html
generic_textual MODERATE https://www.securityfocus.com/archive/1/514866/100/0/threaded
generic_textual MODERATE https://www.ubuntu.com/usn/USN-1048-1
generic_textual MODERATE https://www.vupen.com/english/advisories/2010/3047
generic_textual MODERATE https://www.vupen.com/english/advisories/2011/0203
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=139344343412337&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4172.json
https://api.first.org/data/v1/epss?cve=CVE-2010-4172
https://bugzilla.redhat.com/show_bug.cgi?id=656246
http://securitytracker.com/id?1024764
https://exchange.xforce.ibmcloud.com/vulnerabilities/63422
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/5971f9392edc6d70808b2599b062b050fcd11d23
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
https://marc.info/?l=bugtraq&m=139344343412337&w=2
https://nvd.nist.gov/vuln/detail/CVE-2010-4172
https://svn.apache.org/viewvc?view=rev&rev=1037778
https://svn.apache.org/viewvc?view=rev&rev=1037779
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.5
http://support.apple.com/kb/HT5002
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://svn.apache.org/viewvc?view=revision&revision=1037778
http://svn.apache.org/viewvc?view=revision&revision=1037779
https://www.redhat.com/support/errata/RHSA-2011-0896.html
https://www.redhat.com/support/errata/RHSA-2011-0897.html
https://www.securityfocus.com/archive/1/514866/100/0/threaded
https://www.ubuntu.com/usn/USN-1048-1
https://www.vupen.com/english/advisories/2010/3047
https://www.vupen.com/english/advisories/2011/0203
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
CVE-2010-4172 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172
CVE-2010-4172;OSVDB-69456 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35011.txt
CVE-2010-4172;OSVDB-69456 Exploit https://www.securityfocus.com/bid/45015/info
GHSA-c78g-qwpw-2jgv https://github.com/advisories/GHSA-c78g-qwpw-2jgv
USN-1048-1 https://usn.ubuntu.com/1048-1/
Data source Exploit-DB
Date added Nov. 22, 2010
Description Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting
Ransomware campaign use Known
Source publication date Nov. 22, 2010
Exploit type remote
Platform linux
Source update date Oct. 20, 2014
Source URL https://www.securityfocus.com/bid/45015/info
Exploit Prediction Scoring System (EPSS)
Percentile 0.95638
EPSS Score 0.22781
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T07:58:51.167232+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 37.0.0