193.110.47.127
{
"scan_id": 1726480303,
"ip": "193.110.47.127",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "193.110.44.0/22",
"postal_code": "40764",
"coordinates": {
"latitude": "51.1068",
"longitude": "6.9529"
},
"geo_point": "51.1068, 6.9529",
"locale_code": "en",
"continent": "Europe",
"country_code": "DE",
"country_name": "Germany",
"city": "Langenfeld"
},
"location_updated_at": "2024-03-21T11:29:00Z",
"asn": {
"number": "AS198726",
"organization": "Thuega SmartService GmbH",
"country_code": ""
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "193.110.44.0/22",
"organization": "OFFD",
"descr": "OFFD",
"_encoding": {
"raw": "BASE64"
}
},
"whois_updated_at": "2024-09-15T23:56:56Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2024-03-21T11:29:00Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2024-09-16T06:21:27Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2024-03-21T11:29:00Z"
}
],
"services": [
{
"port": 22,
"protocol": "tcp",
"name": "ssh",
"version": "7.4p1 Debian 10+deb9u6",
"product": "OpenSSH",
"extra_info": "protocol 2.0",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:openbsd:openssh:7.4p1",
"part": "a",
"vendor": "openbsd",
"product": "openssh",
"version": "7\\.4p1",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
},
{
"uri": "cpe:/o:linux:linux_kernel",
"part": "o",
"vendor": "linux",
"product": "linux_kernel",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"ssh": {
"banner": "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6",
"client_to_server_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]"
],
"client_to_server_compression": [
"none",
"[email protected]"
],
"client_to_server_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"host_key_algorithms": [
"ssh-rsa",
"rsa-sha2-512",
"rsa-sha2-256",
"ecdsa-sha2-nistp256",
"ssh-ed25519"
],
"kex_algorithms": [
"curve25519-sha256",
"[email protected]",
"ecdh-sha2-nistp256",
"ecdh-sha2-nistp384",
"ecdh-sha2-nistp521",
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group16-sha512",
"diffie-hellman-group18-sha512",
"diffie-hellman-group14-sha256",
"diffie-hellman-group14-sha1"
],
"key": {
"algorithm": "ecdsa-sha2-nistp256",
"fingerprint_sha256": "5eeb9a7a4e37e982afc16fad8454a8cdcb7bf0e2b3f89c4ad13b384acb89c422",
"raw": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCZWRBzGe3s8kZiMLbJnU4jyubTq9laKhUt/1OObo8BGsGbzTsd7BIjUSakNPIpMwMxEdKo9uumph0ZwdZSwP10="
},
"server_to_client_ciphers": [
"[email protected]",
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"[email protected]",
"[email protected]"
],
"server_to_client_compression": [
"none",
"[email protected]"
],
"server_to_client_macs": [
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-sha1"
],
"software": "OpenSSH_7.4p1",
"version": "2.0"
}
},
"cve": [
{
"id": "CVE-2007-2768",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2008-3844",
"score": 9.3,
"severity": "high"
},
{
"id": "CVE-2016-20012",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2017-15906",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2018-15473",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2018-15919",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2018-20685",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2019-6109",
"score": 6.8,
"severity": "medium"
},
{
"id": "CVE-2019-6110",
"score": 6.8,
"severity": "medium"
},
{
"id": "CVE-2019-6111",
"score": 5.9,
"severity": "medium"
},
{
"id": "CVE-2020-14145",
"score": 5.9,
"severity": "medium"
},
{
"id": "CVE-2020-15778",
"score": 7.8,
"severity": "high"
},
{
"id": "CVE-2021-36368",
"score": 3.7,
"severity": "low"
},
{
"id": "CVE-2021-41617",
"score": 7,
"severity": "high"
},
{
"id": "CVE-2023-38408",
"score": 9.8,
"severity": "critical"
},
{
"id": "CVE-2023-48795",
"score": 5.9,
"severity": "medium"
},
{
"id": "CVE-2023-51384",
"score": 5.5,
"severity": "medium"
},
{
"id": "CVE-2023-51385",
"score": 6.5,
"severity": "medium"
},
{
"id": "CVE-2023-51767",
"score": 7,
"severity": "high"
},
{
"id": "CVE-1999-0431",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-1999-0656",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-1999-1285",
"score": 2.1,
"severity": "low"
},
{
"id": "CVE-1999-1442",
"score": 7.2,
"severity": "high"
},
{
"id": "CVE-2022-3424",
"score": 7.8,
"severity": "high"
},
{
"id": "CVE-2022-3707",
"score": 5.5,
"severity": "medium"
},
{
"id": "CVE-2023-0030",
"score": 7.8,
"severity": "high"
},
{
"id": "CVE-2023-1390",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2023-28466",
"score": 7,
"severity": "high"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-09-11T01:20:01.41Z"
},
{
"port": 143,
"protocol": "tcp",
"name": "imap",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"modules": {
"imap": {
"banner": "* OK Indy IMAP server version 10.6.2.0\r\n"
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-09-18T12:52:10.24Z"
},
{
"port": 444,
"protocol": "tcp",
"name": "http",
"version": "6.0.24",
"product": "Apache Tomcat",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:apache:tomcat:6.0.24",
"part": "a",
"vendor": "apache",
"product": "tomcat",
"version": "6\\.0\\.24",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "\n\n\n\n\n\n\n\n\r\n\r\n\r\n\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\n<meta charset=\"UTF-8\" />\n<title>\nSTARFACE VoIP Software</title>\n<link rel=\"shortcut icon\" href=\"/theme/default/img/icons/favi.ico\" />\n<script>\n/*<![CDATA[*/\nwindow.language = 'de';\n/*]]>*/\n</script>\n\n\r\n<script>\r\nvar ajaxToken = '1724515973139';\r\nvar starfacetopwindow = window;\r\n</script>\r\n<script src=\"/js/lib/jquery/jquery-1.7.1.js?v=u37c4c947\"></script>\n<script src=\"/js/standard.js?v=u37c4c947\"></script>\n<script src=\"/js/init.js?v=u37c4c947\">\n</script>\n\r\n<script>\r\nvar resourceKeys = {},\r\n\tuserphones = [],\r\n\tlogReason = '';\r\n\r\nif (window.opener) {\r\n\tjQuery(window.opener).bind('unload', opener.window.closeContent || starface.emptyFunction);\r\n} else if (false) {\r\n\twindow.location.href = '/logged.jsp';\r\n}\r\n\r\nresourceKeys['popup.blocked'] = 'Sie müssen in Ihrem Browser Popups für <span class=\"bolddark\">' + window.location.hostname + '</span> zulassen, um diese Funktion zu verwenden.';\r\nresourceKeys['jsp.error.choose.file'] = 'Es wurde keine Datei ausgewählt!';\r\nresourceKeys['jsp.error.wrong.file'] = function (accept) {\r\n\taccept = accept || '*.wav';\r\n\treturn 'Die ausgewählte Datei besitzt ungültiges Dateiformat.<br>Bitte wählen Sie eine ' +\r\n\t\t'<span class=\"bolddark\">' + accept + '</span>-Datei.';\r\n};\r\n</script>\r\n<style>\r\nhtml, body, iframe {\r\n\theight: 100%;\r\n\tmargin: 0;\r\n\toverflow: hidden;\r\n\tpadding: 0;\r\n}\r\n\r\niframe {\r\n\tbackground-color: transparent;\r\n\tborder: 0;\r\n\tposition: absolute;\r\n\twidth: 100%;\r\n}\r\n\r\n#mainframe {\r\n\toverflow: auto;\r\n}\r\n\r\n#callerframe {\r\n\tbottom: 0;\r\n\tdisplay: none;\r\n\theight: 15px;\r\n}\r\n</style>\r\n\n</head>\n\r\n<body>\r\n<iframe frameborder=\"0\"\r\n\tid=\"mainframe\"\r\n\tname=\"mainframe\"\r\n\tscrolling=\"auto\"\r\n\tseamless\r\n\tsrc=\"/start.jsp\"></iframe>\r\n<iframe frameborder=\"0\"\r\n\tid=\"callerframe\"\r\n\tname=\"callerframe\"\r\n\tscrolling=\"no\"\r\n\tseamless\r\n\tsrc=\"/blank.html\"></iframe>\r\n</body>\r\n</html>\r\n",
"body_murmur": 1864224905,
"body_sha256": "62b18dfb8d0e07ec5ee4516ba1adfc1e344fd94937fef1058e582ab5a806636c",
"content_length": 1871,
"headers": {
"content_language": [
"de"
],
"content_length": [
"1871"
],
"content_security_policy": [
"connect-src 'self'; default-src 'self'; form-action 'self'; font-src 'none'; frame-src 'self' https://www.starface.de mailto:; frame-ancestors 'self'; img-src * data:; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.starface.de; style-src 'unsafe-inline' 'self'; worker-src 'none';"
],
"content_type": [
"text/html;charset=UTF-8"
],
"date": [
"Sat, 24 Aug 2024 16:12:53 GMT"
],
"server": [
""
],
"set_cookie": [
"JSESSIONID=671863F7BA4FA7C032E33736DE500522; Path=/; Secure; HttpOnly"
],
"unknown": [
{
"key": "referrer_policy",
"value": [
"origin-when-cross-origin, strict-origin-when-cross-origin, same-origin"
]
}
],
"x_content_type_options": [
"nosniff"
],
"x_frame_options": [
"SAMEORIGIN"
],
"x_xss_protection": [
"1; mode=block"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "193.110.47.127:444",
"path": "",
"scheme": "https"
}
},
"status_code": 200,
"title": "STARFACE VoIP Software"
},
"tls": {
"certificate": {
"extensions": {
"subject_alt_name": {
"dns_names": [
"localhost"
]
},
"subject_key_id": "aa5d68104dbadadbef3bf883382f5092048ad27e"
},
"fingerprint_md5": "83625F46D95FB88C09ABA99375FC9E16",
"fingerprint_sha1": "2F7D7EE80A2DD0BF404E1CD7A516A08FA69716A3",
"fingerprint_sha256": "9E5B9C268DE4DBE807C6176344A1EA5197E372ED72D025529BA0EA4123F62DC1",
"issuer": {
"common_name": [
"localhost"
],
"country": [
"DE"
],
"locality": [
"empty"
],
"organization": [
"empty"
],
"organizational_unit": [
"IT"
],
"province": [
"empty"
]
},
"issuer_dn": "/C=DE/ST=empty/L=empty/O=empty/OU=IT/CN=localhost",
"jarm": "07d2ad16d21d21d07c07d2ad07d21d9b2f5869a6985368a9dec764186a9175",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "942252736",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": true,
"value": "OTI5NDgxNTFiZmY5OWU1YmY2NGVmZTI4YTEyNmU2ZWMyOGE3OThkZmVkZWJlYzM5ZDFjZjEwZTRkZWRlZDI3ZTRlYzAyZDBjYmRhMWI3MWJkMzZmYzYwOGZhN2UzYjUzYmYzNGNiZGRkZjI2MDMyMjg4NmNiMGUxOTVmZmUyY2Q1NDcxNjllODI2NDJkMzU2YTEwZTMwYTcyOGY3MTc4YzdkMzQyZmVjODdlNDllMThmMGE1ZGVkZmRiMDk5MDdmMjViZjA2NDcxODBiZmMwMjBjM2RjOWRjNGEwNDAwMmM3OTZhNDliMWNjYmE0NGJlYjRhNjY3ZGM1N2NjNGNlNjZhNzRkZDkyYjcxZjYwMmI5MTQxMGY1NjAyOWUyMTAxYWNkYjQ1MTdkMjg5ODUxYWRmN2Q4YzQxNDNhNzVlMjM2MTFjNTJjYzNmOTRlNjUyYjViN2UzM2Y3MGI3ZTgyYjJiM2Y1MmRiNzM5NGY5NDcxMTBiZDU0ZTNlMDllMzU4ZGE1YWFlOTFjNTQxMDE4OWJmYzM4MDhiYThkY2JkYTAyY2E0ZDNkZWQ2OGU5MWI1ODY1Y2VjNTkyZDI1ZTQ1MTVkN2Y4OWIxOTcxMjQxN2JmNjNlNTJkMjNlZGFjYTQ4NjVmYzU2M2EwNGVkNjlkNTNhZmMyY2YxODhiMjUzYTBjNDk1MzI1MjRmYWY3OGQ5NWE2NTIzMjZmZGE5MzljOTQ1ZTc5MmI0N2IwY2Q5MGU4N2RlNGQ1Nzc0NTE1OTA0NDU1YjRkZmE0ODkwNjJhNzBiMDYxMGRmNzdjYzNlMzRmYmE5YWQzMWRlOTc1Zjk5NDMxZDdlYzU1ZTUxNjcyOWNhOWY5YzU4MjRlZDgxNDE0OWIxZmI5Y2EzOTNkOWY4MTRkMmFlNTYwYTE0NWFiM2Q5OTVlMWEyY2ZkYThmZDdlZjQ3MDc5NjUzZTgwMjAzNjRjYzg2MTYyYzg4YTZkNGQxNjI2NjkzMWIwYzIyNjBhZTg4MzVmOTY2ZTlmMDk3MTI4YjRkMDgwMWJmOGU4YzZhYjM0OTZjMTNkYWI1MTUzMGFjMGU4MGI2ODczM2FjZWVjMzcyYmEyY2U4N2Y0MTg2ZWUyNzA1OWE2ZWE0NmEyZmI4NDMyMjRhMjRkM2MxNmQwMjJkOTJhZWI1MjYxOTM4Y2I5NTNkMmYwN2RhYWIxYmNlZmFhMjMyZWI1OWI1NTgyZThmNTg0MDY5ZTgzM2IzOTg4MmU0NjA4Y2NiOGUxYjFiYjViMDU4MWJiMzU5MzllMzY3MWMzMjVjMGMxOWM3Mzg1ZmI5NTEyZGJjMDc4OGYzZTZkNDIwODllMTg5Y2FjNGI0NDlkMjBlOTZkZA=="
},
"subject": {
"common_name": [
"localhost"
],
"country": [
"DE"
],
"locality": [
"empty"
],
"organization": [
"empty"
],
"organizational_unit": [
"IT"
],
"province": [
"empty"
]
},
"subject_alt_name": {
"dns_names": [
"localhost"
],
"extended_dns_names": []
},
"subject_dn": "/C=DE/ST=empty/L=empty/O=empty/OU=IT/CN=localhost",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "b044a93b6c6a24cdc384aacf760692d46208ab61f0f5d0c5e439d502b4ee9a13",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 4096,
"modulus": "MHhiNWJiODNlNWVlYjRjNjA0YzA4MTdhM2QyNmY1NTJhY2VlZThiYmJlN2NlZGQ4OTBlYTJiMTk1YjRjNjI0MTY2Y2Y4OTEyMjFkODYyYjkzNmFiY2E2NTNiNzVmOTRmNDA2MWQ3Mjc1ZTlmMDQxZGRiOGVjNzNlYzY3OWM0MDIwZjVmNzcyMjBjNDdjMjA5MWMyYjE5NTlmYWQxMzA4YmU1MzA0NzlkOTdjNWY3ZGYzYmUyZDUxMDU3YzE4MGM3YjE1OWJhYzc0Y2NhZWUwOTJkMGIxZjQ5ODFiMmJhNDQ1ZGY2NDYxNTQwYTI4Y2QyZTgzYmMzNjNhOTA0YmQ1NDEzNWYwNzJkMTNhNWYxODE2OTczZDg2NjE4OTZmOTA5OGNhYjVhYWQxNzdkMjA2NDRhYTNjNGIxZTlkYmRiZGIxZWVlMjE1ZWQzMjQ4NzFmYjgxMDdkOGIzYWE1YTY0ODcxODE3OTM2NDAxNjJjMTczMTY0NzgwNjUxZWViODYwYjM3Mjk5MDA0Y2MyNDg1MDc4OGRlMzI1N2UzN2M2NWEyOTUxZjhhODdmYmI1NTg2NmY3NTQyMGNhOGYyNGI1ODM5ZWNiZjg1ZjY4ZWQ3YjFiYWQ2OGVmZjVhNTdkYzhlMWQwNzA2MTJkZDM2MmUxMGUyMmI1MzJlY2NhYTViZmIzMGNhZTE5NDM0MzNjYmY2MjE2YTUyODk5MmMxNjllOTQ3MzI2NzhiMTQ4MjNiZGNiNGI5MDM3MGM3NWY0Zjk0MmY2NjU4YTg2NDUyNzM0MGI0ZWRjMDQzMmE2MzlhYzAyZjVmNDEwNTFmOTZlNjRmODE3MDIzM2E1ZWQ2YTkwNTk2ZGNkNTgwMjAwNDM0NzQ0ODU0YmI4M2U5YTNkMGRmNzY5NDA2ODQ0MTJjNjhkNzU3NDRlMmI1MjcyMzkxMWU1ZmI5ZTAxODZmNTFkMmQ0MjBmMmRlYjM2YzEzZDhmYWY5YmYzNGRhZGNkZjg3NjU5YTNmMWU1MTExNmRiN2I0OTY2OGRiOWM0ZTkyZTFiNDkyOWUyYmEyYjgzMTQxMGJhNDU1MjdmNWFiODRkYTI4YThkOTdkYjAyMjU5NTc4YWIwZjEwY2Y0YmUwYTkxNjg1YzgxYzk4MTQ2NmY0Njk0NDIwMDliNTIzMTUwZmFlOTIzYjg2MjNjNGI5ZDI2YWRjMTNkZTJjNzIxMTZhYjMxOGY3NmM5NGQ0MjEzMzU2OWU4ZWEwYTZlNjFhMDgyYjRlNDBlZmJlZTZmNmM0MzkwMjc0ZDBjZWI3ODliYzAzMDhhMzJjMjNkZGU2Y2NlNjczYmZiZmEzMmY2OTk1NDk4ZjBjNWM5ZGIwYzllOGNlZWQx"
}
},
"tbs_fingerprint": "eab91765ec4c6315787939eecfa6dd78ed0fe5acfb2ef767d5ae4b3bb055bf94",
"validation_level": "OV",
"validity": {
"length_seconds": 63072000,
"not_after": "2023-01-28T22:47:00",
"not_before": "2021-01-28T22:47:00"
},
"version": 2
},
"fingerprint_sha256": "9E5B9C268DE4DBE807C6176344A1EA5197E372ED72D025529BA0EA4123F62DC1",
"precert": false,
"raw": "MIIFcTCCA1mgAwIBAgIEOCmiwDANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJERTEOMAwGA1UECBMFZW1wdHkxDjAMBgNVBAcTBWVtcHR5MQ4wDAYDVQQKEwVlbXB0eTELMAkGA1UECxMCSVQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0yMTAxMjgyMjQ3MDBaFw0yMzAxMjgyMjQ3MDBaMF4xCzAJBgNVBAYTAkRFMQ4wDAYDVQQIEwVlbXB0eTEOMAwGA1UEBxMFZW1wdHkxDjAMBgNVBAoTBWVtcHR5MQswCQYDVQQLEwJJVDESMBAGA1UEAxMJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtbuD5e60xgTAgXo9JvVSrO7ou7587diQ6isZW0xiQWbPiRIh2GK5NqvKZTt1+U9AYdcnXp8EHduOxz7GecQCD193IgxHwgkcKxlZ+tEwi+UwR52XxfffO+LVEFfBgMexWbrHTMruCS0LH0mBsrpEXfZGFUCijNLoO8NjqQS9VBNfBy0TpfGBaXPYZhiW+QmMq1qtF30gZEqjxLHp29vbHu4hXtMkhx+4EH2LOqWmSHGBeTZAFiwXMWR4BlHuuGCzcpkATMJIUHiN4yV+N8ZaKVH4qH+7VYZvdUIMqPJLWDnsv4X2jtexutaO/1pX3I4dBwYS3TYuEOIrUy7Mqlv7MMrhlDQzy/YhalKJksFp6UcyZ4sUgjvctLkDcMdfT5QvZlioZFJzQLTtwEMqY5rAL19BBR+W5k+BcCM6XtapBZbc1YAgBDR0SFS7g+mj0N92lAaEQSxo11dE4rUnI5EeX7ngGG9R0tQg8t6zbBPY+vm/NNrc34dlmj8eURFtt7SWaNucTpLhtJKeK6K4MUELpFUn9auE2iio2X2wIllXirDxDPS+CpFoXIHJgUZvRpRCAJtSMVD66SO4YjxLnSatwT3ixyEWqzGPdslNQhM1aejqCm5hoIK05A777m9sQ5AnTQzreJvAMIoywj3ebM5nO/v6MvaZVJjwxcnbDJ6M7tECAwEAAaM3MDUwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQWBBSqXWgQTbra2+87+IM4L1CSBIrSfjANBgkqhkiG9w0BAQsFAAOCAgEAkpSBUb/5nlv2Tv4ooSbm7CinmN/t6+w50c8Q5N7e0n5OwC0MvaG3G9Nvxgj6fjtTvzTL3d8mAyKIbLDhlf/izVRxaegmQtNWoQ4wpyj3F4x9NC/sh+SeGPCl3t/bCZB/Jb8GRxgL/AIMPcncSgQALHlqSbHMukS+tKZn3FfMTOZqdN2Stx9gK5FBD1YCniEBrNtFF9KJhRrffYxBQ6deI2EcUsw/lOZStbfjP3C36CsrP1Lbc5T5RxEL1U4+CeNY2lqukcVBAYm/w4CLqNy9oCyk097WjpG1hlzsWS0l5FFdf4mxlxJBe/Y+UtI+2spIZfxWOgTtadU6/CzxiLJToMSVMlJPr3jZWmUjJv2pOclF55K0ewzZDofeTVd0UVkERVtN+kiQYqcLBhDfd8w+NPuprTHel1+ZQx1+xV5RZynKn5xYJO2BQUmx+5yjk9n4FNKuVgoUWrPZleGiz9qP1+9HB5ZT6AIDZMyGFiyIptTRYmaTGwwiYK6INflm6fCXEotNCAG/joxqs0lsE9q1FTCsDoC2hzOs7sNyuizof0GG7icFmm6kai+4QyJKJNPBbQItkq61Jhk4y5U9LwfaqxvO+qIy61m1WC6PWEBp6DOzmILkYIzLjhsbtbBYG7NZOeNnHDJcDBnHOF+5US28B4jz5tQgieGJysS0SdIOlt0=",
"tags": [
"ov",
"self_signed",
"root"
]
}
},
"cve": [
{
"id": "CVE-2010-1157",
"score": 2.6,
"severity": "low"
},
{
"id": "CVE-2010-2227",
"score": 6.4,
"severity": "medium"
},
{
"id": "CVE-2010-3718",
"score": 1.2,
"severity": "low"
},
{
"id": "CVE-2010-4172",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2010-4312",
"score": 6.4,
"severity": "medium"
},
{
"id": "CVE-2011-0013",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2011-0534",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2011-1184",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2011-2204",
"score": 1.8,
"severity": "low"
},
{
"id": "CVE-2011-2526",
"score": 4.4,
"severity": "medium"
},
{
"id": "CVE-2011-3190",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2011-4858",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2011-5062",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2011-5063",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2011-5064",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2012-0022",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2012-2733",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2012-3544",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2012-3546",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2012-4431",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2012-4534",
"score": 2.6,
"severity": "low"
},
{
"id": "CVE-2012-5885",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2012-5886",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2012-5887",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2013-2067",
"score": 6.8,
"severity": "medium"
},
{
"id": "CVE-2013-2185",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2013-4286",
"score": 5.8,
"severity": "medium"
},
{
"id": "CVE-2013-4322",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2013-4444",
"score": 6.8,
"severity": "medium"
},
{
"id": "CVE-2013-4590",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2014-0075",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2014-0096",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2014-0099",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2014-0119",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2014-0227",
"score": 6.4,
"severity": "medium"
},
{
"id": "CVE-2014-0230",
"score": 7.8,
"severity": "high"
},
{
"id": "CVE-2014-7810",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2015-5174",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2015-5345",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2016-0706",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2016-0714",
"score": 8.8,
"severity": "high"
},
{
"id": "CVE-2016-0762",
"score": 5.9,
"severity": "medium"
},
{
"id": "CVE-2016-5018",
"score": 9.1,
"severity": "critical"
},
{
"id": "CVE-2016-5388",
"score": 8.1,
"severity": "high"
},
{
"id": "CVE-2016-6794",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2016-6796",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2016-6797",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2016-6816",
"score": 7.1,
"severity": "high"
},
{
"id": "CVE-2016-8735",
"score": 9.8,
"severity": "critical"
},
{
"id": "CVE-2017-5647",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2020-8022",
"score": 7.8,
"severity": "high"
}
],
"url": "https://193.110.47.127:444/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-08-24T16:13:12.116Z"
},
{
"port": 993,
"protocol": "tcp",
"name": "imaps",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-09-18T00:35:30.171Z"
},
{
"port": 1194,
"protocol": "tcp",
"name": "openvpn",
"version": "",
"product": "OpenVPN",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-09-19T03:58:41.233Z"
},
{
"port": 5061,
"protocol": "tcp",
"name": "sip",
"version": "",
"product": "STARFACE PBX",
"extra_info": "Status: 200 OK",
"tunnel": "ssl",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-09-16T05:31:41.912Z"
},
{
"port": 5222,
"protocol": "tcp",
"name": "jabber",
"version": "3.10.0 or later",
"product": "Ignite Realtime Openfire Jabber server",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:igniterealtime:openfire",
"part": "a",
"vendor": "igniterealtime",
"product": "openfire",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-08-22T00:38:37.142Z"
},
{
"port": 5443,
"protocol": "tcp",
"name": "spss",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-08-31T17:38:50.158Z"
},
{
"port": 8089,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "FRITZ!Box TR-069 service",
"extra_info": "",
"tunnel": "",
"modules": {
"http": {
"headers": {
"content_length": [
"0"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "193.110.47.127:8089",
"path": "",
"scheme": "http"
}
},
"status_code": 404
}
},
"url": "http://193.110.47.127:8089/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-09-17T12:31:41.865Z"
},
{
"port": 55555,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:apache:http_server",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!DOCTYPE html>\n<html>\n<head>\n \n \n\n <meta charset=\"utf-8\"/>\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n <meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>\n <meta HTTP-EQUIV='Cache-Control' CONTENT='no-cache'>\n <title>Logon - SINEMA Remote Connect</title>\n\n <link rel=\"stylesheet\" href=\"/static/css/normalize.css? 1723268621\"/>\n <link rel=\"stylesheet\" href=\"/static/css/layout.css? 1723268621\"/>\n <link rel=\"stylesheet\" href=\"/static/css/login.css? 1723268621\"/>\n <link rel=\"stylesheet\" href=\"/static/css/font-awesome.css? 1723268621\"/>\n\n <script type=\"text/javascript\" src=\"/static/js/jquery.js\"></script>\n <script type=\"text/javascript\" src=\"/static/js/sinemarc.js\"></script>\n</head>\n<body>\n\n \n\n\n\n<div class=\"header clearfix\">\n <img src=\"/static/img/logo.gif\" alt=\"SIEMENS\" class=\"logo\"/>\n <span class=\"product-name\">SINEMA Remote Connect</span>\n\n <div class=\"language-selector\">\n <form action=\"/i18n/setlang/\" method=\"POST\">\n <input type='hidden' name='csrfmiddlewaretoken' value='L6Lm5dJdN60qXXFujrC2LU8966M7YdNy' />\n\n <label for=\"id_language_selector\">Language</label>:\n <select id=\"id_language_selector\" name=\"language\" onChange=\"submit()\">\n \n \n <option value=\"de\">\n Deutsch\n </option>\n \n <option value=\"en\" selected=\"selected\">\n English\n </option>\n \n </select>\n </form>\n </div>\n\n <div class=\"clock\">1723268621#en#0#</div>\n\n <div class=\"online-help\">\n <a href=\"#\" onClick=\"openHelpWindow('/static/help/en/login_help.htm');\">Help<i class=\"fa fa-question-circle fa-fw\"></i></a>\n </div>\n</div>\n\n\n <div class=\"content\">\n\n\n\n <form action=\"/wbm/login/\" method=\"POST\" class=\"login-form\">\n <input type='hidden' name='csrfmiddlewaretoken' value='L6Lm5dJdN60qXXFujrC2LU8966M7YdNy' />\n <input id=\"id_utcoffset\" name=\"utcoffset\" type=\"hidden\" value=\"0\"/>\n\n <div class=\"form-row\">\n <label for=\"id_username\">User name:</label>\n <input id=\"id_username\" maxlength=\"254\" name=\"username\" type=\"text\" />\n </div>\n\n <div class=\"form-row\">\n <label for=\"id_password\">Password:</label>\n <input id=\"id_password\" name=\"password\" type=\"password\" autocomplete=\"off\"/>\n </div>\n\n \n\n <div class=\"form-row\">\n <label for=\"id_submit\"> </label>\n <button id=\"id_submit\" type=\"submit\"><span class=\"button\">Log on</span></button>\n </div>\n </form>\n\n \n\n \n\n <div class=\"sep\"></div>\n\n <div class=\"pki\">\n \n <img src=\"/static/img/chip-icon.png\">\n \n <p>PKI Login</p>\n </div>\n\n\n </div>\n\n <script type=\"text/javascript\">\n <!--\n\n var d = new Date();\n $(\"#id_utcoffset\").prop('value', d.getTimezoneOffset() * -1);\n\n var usernameInput = $(\"#id_username\");\n usernameInput.focus().val(usernameInput.val());\n\n -->\n </script>\n</body>\n</html>\n",
"body_murmur": -1721879916,
"body_sha256": "b91a0c3cde8770e99eedf957f5ba2306bbc4aef3685ca53cb4b962df540975a8",
"component": [
"Apache HTTP Server",
"Django",
"Python"
],
"content_length": -1,
"headers": {
"cache_control": [
"max-age=0"
],
"content_language": [
"en"
],
"content_type": [
"text/html; charset=utf-8"
],
"date": [
"Sat, 10 Aug 2024 05:43:41 GMT"
],
"expires": [
"Sat, 10 Aug 2024 05:43:41 GMT"
],
"last_modified": [
"Sat, 10 Aug 2024 05:43:41 GMT"
],
"server": [
"Apache"
],
"set_cookie": [
"csrftoken=L6Lm5dJdN60qXXFujrC2LU8966M7YdNy; expires=Sat, 09-Aug-2025 05:43:41 GMT; httponly; Max-Age=31449600; Path=/; secure",
"sessionid=umip15q7njs0a5pse0n23o82a673irk4; httponly; Path=/; secure"
],
"strict_transport_security": [
"max-age=15768000"
],
"vary": [
"Cookie,Accept-Language,Accept-Encoding"
],
"x_content_type_options": [
"nosniff",
"nosniff"
],
"x_frame_options": [
"SAMEORIGIN",
"sameorigin"
],
"x_xss_protection": [
"1; mode=block"
]
},
"protocol": "HTTP/1.1",
"redirects": [
{
"content_length": -1,
"headers": {
"content_language": [
"en"
],
"content_type": [
"text/html; charset=utf-8"
],
"date": [
"Sat, 10 Aug 2024 05:43:41 GMT"
],
"location": [
"https://193.110.47.127:55555/wbm/login/"
],
"server": [
"Apache"
],
"strict_transport_security": [
"max-age=15768000"
],
"vary": [
"Accept-Language,Cookie"
],
"x_content_type_options": [
"nosniff",
"nosniff"
],
"x_frame_options": [
"SAMEORIGIN",
"sameorigin"
],
"x_xss_protection": [
"1; mode=block"
]
},
"location": "https://193.110.47.127:55555/wbm/login/",
"protocol": "HTTP/1.1",
"status_code": 302,
"status_line": "302 FOUND"
}
],
"request": {
"headers": {
"accept": [
"*/*"
],
"referer": [
"https://193.110.47.127:55555"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "193.110.47.127:55555",
"path": "/wbm/login/",
"scheme": "https"
}
},
"status_code": 200,
"title": "Logon - SINEMA Remote Connect"
},
"tls": {
"certificate": {
"extensions": {
"basic_constraints": {
"is_ca": true
},
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": false,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true
},
"subject_alt_name": {
"dns_names": [
"s-d-f.mine.nu"
],
"ip_address": [
"193.110.47.127",
"192.168.45.171"
]
}
},
"fingerprint_md5": "95E62B0283CC850331501160C258F25F",
"fingerprint_sha1": "30188AAE9F5C49835BA68E804CE3B3A2863AF752",
"fingerprint_sha256": "780200AFB219B39CB3904459CB5DB0C0E8C435D9AB621FD06A1F4290D5AAF70A",
"issuer": {
"common_name": [
"CA 893568 SINEMA RC"
]
},
"issuer_dn": "/CN=CA 893568 SINEMA RC",
"jarm": "16d16d16d14d16d00016d16d16d16d7bf6e7a34fd706e3a25b03da2a17f6af",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "80",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": false,
"value": "OTc3N2NjNTYzOWQyMTNmNzc5YTRhZDg4ZjkyNDFjNmUyYzFhZDhkMDQ2YzI3MTBhZmVjNjc3ODg3ODMyNTBhYmUzMTA5ZDQxYjc5YjFjYzAzYTMyMzM0MDg1ZWE1MzdkNjg1MmY2MDk3ODdhNjlkMmNkOWFjMTVhYTNmYWNmNzM4ZWU0YzEyZmVjMmY0NGFmNjM5ZjRiNzRhNzAxMDU0ZTgxOTcwYTViYTVkMDRmZjg0MTk3NWM3YWFiMDU2NWE4OWZhNmI4ZTk3ZTE3MGNjODE2NDQ2MjhkOGQxZTJkZDNjMTgzZDk5ZTQ2M2EyODc3MTExOTc4MTE5ZTQxMTFkYjU2ODkxMDFmMjcxNDliYWQ2NTM3MTI5YmY5MDZmZGQxOGQ1OWQ1ZmVhNTMxMTBjNjZiYTk5N2U0N2RkNDg2ZDU2MzZkOTYzNGQ0Y2VjZDMyYzJkOWVhOTQ3M2EzMDIwMGI0YzgwOGYyYjJmNWY2NDhiNTRkOTU2NzJlNWY5ZmNjY2QxMWZlNjhiYzBhOWUyNDY5MDg5ODY1MmZmNWRlNjEzMDYyNTdiODZhODE2NDhmZjMxOTEzYzNhYzdmZmIwNTUyMzdkMTg1NjlhNDliNTY0MzZmNTM2OWZhY2EzN2Y3ODIyOTczMTVmMzhlZDNjYmIwZTkxYzMyMjgwNGE5Njc="
},
"subject": {
"common_name": [
"s-d-f.mine.nu"
]
},
"subject_alt_name": {
"dns_names": [
"s-d-f.mine.nu"
],
"extended_dns_names": [
{
"domain": "s-d-f",
"fld": "s-d-f.mine.nu",
"tld": "mine.nu"
}
]
},
"subject_dn": "/CN=s-d-f.mine.nu",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "de52f33464cbe2b479d7732a8cb520b2fb07948eedd5af721cf64403bc23be2e",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhhMzUwNGIwYjhhZDE5M2RiODhiOGY3ODE0ZTAxMjIxOWFkNWJlYjIzOWYwOWRmMzQzZmY5YTVmZjcyMTU5MDZlNjdjNGM4NjY1MDVmMjEyMDg2OGQxZGM5MWRmOGE2MDFlNDViNWRlMTJjMTFmZTBhMzU3OWU3ZDhhNDU2NzU1MGFjYjliY2YwNDgxMjA0NTNlYjUyMjg1NjRhYTJlNmEzNTg3OGRkYzM2ODZmYjc4NTM5M2UxMWIxNWFjNTA1ODc0OTg2MDRkMDUzMDYwMjkzMmU1MDVjMzVlOGIxZjBjMzQ1OTBkMzMxOWViZWZhYTljYjliNDZiYzI2MGI3ZGQyOTk1MGNlZmQwNzM1M2E1MGZjMWNmZjc3NWZjMmQxNGM2ZTAyZTdlNjEyY2MyY2EzYjM0NjUxMjZjZDE4NjQwMTY3N2I4YTQyYmRlNTUwZmIwYzQ1NmNjNDg5YzU4ZThmMjRkNDY4YTM5ZWI4NzM5OWFmMTY2NDRiZDFjNTU1MjAyYTRiN2M1MzcxZjJjYjlmNWI0N2I1OGU4YjMwMjlmYzQ0YzViNDNiNGFkM2RjNjBkY2I4MzlmM2I5M2FjMWQ5MjJjNmVmMDEzYmFjM2NkNGQxMmU5N2YyZTZlNzNlYWViNmY0ODRkMjk2M2Y2ZWQ0ZTZhNTE0NjYwMjBiNWU0ZA=="
}
},
"tbs_fingerprint": "696229b3c42d89c5815cd7ee4408b688d82c72754cbfd6fb171d78d8382f38dd",
"validation_level": "DV",
"validity": {
"length_seconds": 31708800,
"not_after": "2024-09-27T07:08:06",
"not_before": "2023-09-26T07:08:06"
},
"version": 2
},
"fingerprint_sha256": "780200AFB219B39CB3904459CB5DB0C0E8C435D9AB621FD06A1F4290D5AAF70A",
"precert": false,
"raw": "MIIDCTCCAfGgAwIBAgIBUDANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNDQSA4OTM1NjggU0lORU1BIFJDMB4XDTIzMDkyNjA3MDgwNloXDTI0MDkyNzA3MDgwNlowGDEWMBQGA1UEAwwNcy1kLWYubWluZS5udTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNQSwuK0ZPbiLj3gU4BIhmtW+sjnwnfND/5pf9yFZBuZ8TIZlBfISCGjR3JHfimAeRbXeEsEf4KNXnn2KRWdVCsubzwSBIEU+tSKFZKouajWHjdw2hvt4U5PhGxWsUFh0mGBNBTBgKTLlBcNeix8MNFkNMxnr76qcubRrwmC33SmVDO/Qc1OlD8HP93X8LRTG4C5+YSzCyjs0ZRJs0YZAFne4pCveVQ+wxFbMSJxY6PJNRoo564c5mvFmRL0cVVICpLfFNx8sufW0e1joswKfxExbQ7StPcYNy4OfO5OsHZIsbvATusPNTRLpfy5uc+rrb0hNKWP27U5qUUZgILXk0CAwEAAaNYMFYwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwJwYDVR0RAQH/BB0wG4cEwW4vf4cEwKgtq4INcy1kLWYubWluZS5udTANBgkqhkiG9w0BAQsFAAOCAQEAl3fMVjnSE/d5pK2I+SQcbiwa2NBGwnEK/sZ3iHgyUKvjEJ1Bt5scwDoyM0CF6lN9aFL2CXh6adLNmsFao/rPc47kwS/sL0SvY59LdKcBBU6BlwpbpdBP+EGXXHqrBWWon6a46X4XDMgWRGKNjR4t08GD2Z5GOih3ERl4EZ5BEdtWiRAfJxSbrWU3Epv5Bv3RjVnV/qUxEMZrqZfkfdSG1WNtljTUzs0ywtnqlHOjAgC0yAjysvX2SLVNlWcuX5/MzRH+aLwKniRpCJhlL/XeYTBiV7hqgWSP8xkTw6x/+wVSN9GFaaSbVkNvU2n6yjf3gilzFfOO08uw6RwyKASpZw==",
"tags": [
"dv",
"trusted"
]
}
},
"url": "https://193.110.47.127:55555/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2024-08-10T05:43:47.456Z"
}
],
"services_hash": "4c808f8cadfbb78850c08ed9dbdd5b43778e93c1963d12def94c79ae026987fd",
"last_updated_at": "2024-09-19T03:58:41.233Z",
"banner": [
"http",
"ssh",
"tls",
"imap"
],
"is_vuln": true,
"cveDetails": {
"CVE-1999-0431": {
"id": "CVE-1999-0431",
"references": [
"https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0431"
],
"score": 5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-Other"
},
"CVE-1999-0656": {
"id": "CVE-1999-0656",
"references": [
"http://ca.com/au/securityadvisor/vulninfo/Vuln.aspx?ID=1638",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/348"
],
"score": 5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"weakness": "CWE-16"
},
"CVE-1999-1285": {
"id": "CVE-1999-1285",
"references": [
"http://marc.info/?l=bugtraq&m=91495921611500&w=2",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/1472"
],
"score": 2.1,
"services": [
"22/ssh"
],
"severity": "low",
"summary": "Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.",
"vector_string": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-Other"
},
"CVE-1999-1442": {
"id": "CVE-1999-1442",
"references": [
"http://uwsg.iu.edu/hypermail/linux/kernel/9805.3/0855.html",
"http://www.cs.helsinki.fi/linux/linux-kernel/Year-1998/1998-25/0816.html",
"http://www.securityfocus.com/bid/105"
],
"score": 7.2,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments.",
"vector_string": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"weakness": "NVD-CWE-Other"
},
"CVE-2007-2768": {
"id": "CVE-2007-2768",
"references": [
"http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html",
"http://www.osvdb.org/34601",
"https://security.netapp.com/advisory/ntap-20191107-0002/"
],
"score": 4.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2008-3844": {
"id": "CVE-2008-3844",
"references": [
"http://secunia.com/advisories/31575",
"http://secunia.com/advisories/32241",
"http://securitytracker.com/id?1020730",
"http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm",
"http://www.redhat.com/security/data/openssh-blacklist.html",
"http://www.redhat.com/support/errata/RHSA-2008-0855.html",
"http://www.securityfocus.com/bid/30794",
"http://www.vupen.com/english/advisories/2008/2821",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44747"
],
"score": 9.3,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.",
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"weakness": "CWE-20"
},
"CVE-2010-2227": {
"id": "CVE-2010-2227",
"references": [
"http://geronimo.apache.org/21x-security-report.html",
"http://geronimo.apache.org/22x-security-report.html",
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html",
"http://marc.info/?l=bugtraq&m=129070310906557&w=2",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://secunia.com/advisories/40813",
"http://secunia.com/advisories/41025",
"http://secunia.com/advisories/42079",
"http://secunia.com/advisories/42368",
"http://secunia.com/advisories/42454",
"http://secunia.com/advisories/43310",
"http://secunia.com/advisories/44183",
"http://secunia.com/advisories/57126",
"http://securitytracker.com/id?1024180",
"http://support.apple.com/kb/HT5002",
"http://svn.apache.org/viewvc?view=revision&revision=958911",
"http://svn.apache.org/viewvc?view=revision&revision=958977",
"http://svn.apache.org/viewvc?view=revision&revision=959428",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2011/dsa-2207",
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176",
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177",
"http://www.novell.com/support/viewContent.do?externalId=7007274",
"http://www.novell.com/support/viewContent.do?externalId=7007275",
"http://www.redhat.com/support/errata/RHSA-2010-0580.html",
"http://www.redhat.com/support/errata/RHSA-2010-0581.html",
"http://www.redhat.com/support/errata/RHSA-2010-0582.html",
"http://www.redhat.com/support/errata/RHSA-2010-0583.html",
"http://www.securityfocus.com/archive/1/512272/100/0/threaded",
"http://www.securityfocus.com/archive/1/516397/100/0/threaded",
"http://www.securityfocus.com/bid/41544",
"http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"http://www.vupen.com/english/advisories/2010/1986",
"http://www.vupen.com/english/advisories/2010/2868",
"http://www.vupen.com/english/advisories/2010/3056",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/60264",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532"
],
"score": 6.4,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\"",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"weakness": "CWE-119"
},
"CVE-2010-3718": {
"id": "CVE-2010-3718",
"references": [
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://marc.info/?l=bugtraq&m=132215163318824&w=2",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://secunia.com/advisories/43192",
"http://secunia.com/advisories/45022",
"http://secunia.com/advisories/57126",
"http://securityreason.com/securityalert/8072",
"http://support.apple.com/kb/HT5002",
"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2011/dsa-2160",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:030",
"http://www.redhat.com/support/errata/RHSA-2011-0791.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"http://www.redhat.com/support/errata/RHSA-2011-1845.html",
"http://www.securityfocus.com/archive/1/516211/100/0/threaded",
"http://www.securityfocus.com/bid/46177",
"http://www.securitytracker.com/id?1025025",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/65159",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379"
],
"score": 1.2,
"services": [
"444/http"
],
"severity": "low",
"summary": "Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.",
"vector_string": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"weakness": "NVD-CWE-Other"
},
"CVE-2010-4172": {
"id": "CVE-2010-4172",
"references": [
"http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html",
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://secunia.com/advisories/42337",
"http://secunia.com/advisories/43019",
"http://secunia.com/advisories/45022",
"http://secunia.com/advisories/57126",
"http://securitytracker.com/id?1024764",
"http://support.apple.com/kb/HT5002",
"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html",
"http://svn.apache.org/viewvc?view=revision&revision=1037778",
"http://svn.apache.org/viewvc?view=revision&revision=1037779",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.redhat.com/support/errata/RHSA-2011-0791.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"http://www.securityfocus.com/archive/1/514866/100/0/threaded",
"http://www.securityfocus.com/bid/45015",
"http://www.ubuntu.com/usn/USN-1048-1",
"http://www.vupen.com/english/advisories/2010/3047",
"http://www.vupen.com/english/advisories/2011/0203",
"https://bugzilla.redhat.com/show_bug.cgi?id=656246",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/63422"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2010-4312": {
"id": "CVE-2010-4312",
"references": [
"http://www.securityfocus.com/archive/1/514866/100/0/threaded"
],
"score": 6.4,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"weakness": "CWE-16"
},
"CVE-2011-0013": {
"id": "CVE-2011-0013",
"references": [
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://marc.info/?l=bugtraq&m=132215163318824&w=2",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://secunia.com/advisories/43192",
"http://secunia.com/advisories/45022",
"http://secunia.com/advisories/57126",
"http://securityreason.com/securityalert/8093",
"http://support.apple.com/kb/HT5002",
"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html",
"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32",
"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30",
"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_%28released_14_Jan_2011%29",
"http://www.debian.org/security/2011/dsa-2160",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:030",
"http://www.redhat.com/support/errata/RHSA-2011-0791.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"http://www.redhat.com/support/errata/RHSA-2011-1845.html",
"http://www.securityfocus.com/archive/1/516209/30/90/threaded",
"http://www.securityfocus.com/bid/46174",
"http://www.securitytracker.com/id?1025026",
"http://www.vupen.com/english/advisories/2011/0376",
"https://bugzilla.redhat.com/show_bug.cgi?id=675786",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12878",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14945",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2011-0534": {
"id": "CVE-2011-0534",
"references": [
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://osvdb.org/70809",
"http://secunia.com/advisories/43192",
"http://secunia.com/advisories/45022",
"http://secunia.com/advisories/57126",
"http://securityreason.com/securityalert/8074",
"http://support.apple.com/kb/HT5002",
"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html",
"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32",
"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29",
"http://www.debian.org/security/2011/dsa-2160",
"http://www.securityfocus.com/archive/1/516214/100/0/threaded",
"http://www.securityfocus.com/bid/46164",
"http://www.securitytracker.com/id?1025027",
"http://www.vupen.com/english/advisories/2011/0293",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/65162"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2011-1184": {
"id": "CVE-2011-1184",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html",
"http://marc.info/?l=bugtraq&m=133469267822771&w=2",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0074.html",
"http://rhn.redhat.com/errata/RHSA-2012-0075.html",
"http://rhn.redhat.com/errata/RHSA-2012-0076.html",
"http://rhn.redhat.com/errata/RHSA-2012-0077.html",
"http://rhn.redhat.com/errata/RHSA-2012-0078.html",
"http://rhn.redhat.com/errata/RHSA-2012-0325.html",
"http://secunia.com/advisories/57126",
"http://svn.apache.org/viewvc?view=rev&rev=1087655",
"http://svn.apache.org/viewvc?view=rev&rev=1158180",
"http://svn.apache.org/viewvc?view=rev&rev=1159309",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2012/dsa-2401",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:156",
"http://www.redhat.com/support/errata/RHSA-2011-1845.html",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"weakness": "CWE-264"
},
"CVE-2011-2204": {
"id": "CVE-2011-2204",
"references": [
"http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
"http://marc.info/?l=bugtraq&m=132215163318824&w=2",
"http://marc.info/?l=bugtraq&m=133469267822771&w=2",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://secunia.com/advisories/44981",
"http://secunia.com/advisories/48308",
"http://secunia.com/advisories/57126",
"http://securitytracker.com/id?1025712",
"http://support.apple.com/kb/HT5130",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2012/dsa-2401",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:156",
"http://www.osvdb.org/73429",
"http://www.redhat.com/support/errata/RHSA-2011-1845.html",
"http://www.securityfocus.com/bid/48456",
"https://bugzilla.redhat.com/show_bug.cgi?id=717013",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/68238",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532"
],
"score": 1.8,
"services": [
"444/http"
],
"severity": "low",
"summary": "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.",
"vector_string": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2011-2526": {
"id": "CVE-2011-2526",
"references": [
"http://marc.info/?l=bugtraq&m=132215163318824&w=2",
"http://marc.info/?l=bugtraq&m=133469267822771&w=2",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://osvdb.org/73797",
"http://osvdb.org/73798",
"http://rhn.redhat.com/errata/RHSA-2012-0074.html",
"http://rhn.redhat.com/errata/RHSA-2012-0075.html",
"http://rhn.redhat.com/errata/RHSA-2012-0076.html",
"http://rhn.redhat.com/errata/RHSA-2012-0077.html",
"http://rhn.redhat.com/errata/RHSA-2012-0078.html",
"http://rhn.redhat.com/errata/RHSA-2012-0325.html",
"http://secunia.com/advisories/45232",
"http://secunia.com/advisories/48308",
"http://secunia.com/advisories/57126",
"http://svn.apache.org/viewvc?view=revision&revision=1145383",
"http://svn.apache.org/viewvc?view=revision&revision=1145571",
"http://svn.apache.org/viewvc?view=revision&revision=1145694",
"http://svn.apache.org/viewvc?view=revision&revision=1146005",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2012/dsa-2401",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:156",
"http://www.securityfocus.com/archive/1/518889/100/0/threaded",
"http://www.securityfocus.com/bid/48667",
"http://www.securitytracker.com/id?1025788",
"https://bugzilla.redhat.com/show_bug.cgi?id=720948",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/68541",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514"
],
"score": 4.4,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.",
"vector_string": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"weakness": "CWE-20"
},
"CVE-2011-3190": {
"id": "CVE-2011-3190",
"references": [
"http://marc.info/?l=bugtraq&m=132215163318824&w=2",
"http://marc.info/?l=bugtraq&m=133469267822771&w=2",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://secunia.com/advisories/45748",
"http://secunia.com/advisories/48308",
"http://secunia.com/advisories/49094",
"http://secunia.com/advisories/57126",
"http://securityreason.com/securityalert/8362",
"http://www.debian.org/security/2012/dsa-2401",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:156",
"http://www.securityfocus.com/archive/1/519466/100/0/threaded",
"http://www.securityfocus.com/bid/49353",
"http://www.securitytracker.com/id?1025993",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/69472",
"https://issues.apache.org/bugzilla/show_bug.cgi?id=51698",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465"
],
"score": 7.5,
"services": [
"444/http"
],
"severity": "high",
"summary": "Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"weakness": "CWE-264"
},
"CVE-2011-4858": {
"id": "CVE-2011-4858",
"references": [
"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e",
"http://marc.info/?l=bugtraq&m=132871655717248&w=2",
"http://marc.info/?l=bugtraq&m=133294394108746&w=2",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0074.html",
"http://rhn.redhat.com/errata/RHSA-2012-0075.html",
"http://rhn.redhat.com/errata/RHSA-2012-0076.html",
"http://rhn.redhat.com/errata/RHSA-2012-0077.html",
"http://rhn.redhat.com/errata/RHSA-2012-0078.html",
"http://rhn.redhat.com/errata/RHSA-2012-0089.html",
"http://rhn.redhat.com/errata/RHSA-2012-0325.html",
"http://rhn.redhat.com/errata/RHSA-2012-0406.html",
"http://secunia.com/advisories/48549",
"http://secunia.com/advisories/48790",
"http://secunia.com/advisories/48791",
"http://secunia.com/advisories/54971",
"http://secunia.com/advisories/55115",
"http://tomcat.apache.org/tomcat-7.0-doc/changelog.html",
"http://www.debian.org/security/2012/dsa-2401",
"http://www.kb.cert.org/vuls/id/903934",
"http://www.nruns.com/_downloads/advisory28122011.pdf",
"http://www.ocert.org/advisories/ocert-2011-003.html",
"http://www.securityfocus.com/bid/51200",
"https://bugzilla.redhat.com/show_bug.cgi?id=750521",
"https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2011-5062": {
"id": "CVE-2011-5062",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0074.html",
"http://rhn.redhat.com/errata/RHSA-2012-0075.html",
"http://rhn.redhat.com/errata/RHSA-2012-0076.html",
"http://rhn.redhat.com/errata/RHSA-2012-0077.html",
"http://rhn.redhat.com/errata/RHSA-2012-0078.html",
"http://rhn.redhat.com/errata/RHSA-2012-0325.html",
"http://secunia.com/advisories/57126",
"http://svn.apache.org/viewvc?view=rev&rev=1087655",
"http://svn.apache.org/viewvc?view=rev&rev=1158180",
"http://svn.apache.org/viewvc?view=rev&rev=1159309",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2012/dsa-2401",
"http://www.redhat.com/support/errata/RHSA-2011-1845.html",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"weakness": "CWE-264"
},
"CVE-2011-5063": {
"id": "CVE-2011-5063",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0074.html",
"http://rhn.redhat.com/errata/RHSA-2012-0075.html",
"http://rhn.redhat.com/errata/RHSA-2012-0076.html",
"http://rhn.redhat.com/errata/RHSA-2012-0077.html",
"http://rhn.redhat.com/errata/RHSA-2012-0078.html",
"http://rhn.redhat.com/errata/RHSA-2012-0325.html",
"http://secunia.com/advisories/57126",
"http://svn.apache.org/viewvc?view=rev&rev=1087655",
"http://svn.apache.org/viewvc?view=rev&rev=1158180",
"http://svn.apache.org/viewvc?view=rev&rev=1159309",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2012/dsa-2401",
"http://www.redhat.com/support/errata/RHSA-2011-1845.html",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-287"
},
"CVE-2011-5064": {
"id": "CVE-2011-5064",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0074.html",
"http://rhn.redhat.com/errata/RHSA-2012-0075.html",
"http://rhn.redhat.com/errata/RHSA-2012-0076.html",
"http://rhn.redhat.com/errata/RHSA-2012-0077.html",
"http://rhn.redhat.com/errata/RHSA-2012-0078.html",
"http://rhn.redhat.com/errata/RHSA-2012-0325.html",
"http://secunia.com/advisories/57126",
"http://svn.apache.org/viewvc?view=rev&rev=1087655",
"http://svn.apache.org/viewvc?view=rev&rev=1158180",
"http://svn.apache.org/viewvc?view=rev&rev=1159309",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2012/dsa-2401",
"http://www.redhat.com/support/errata/RHSA-2011-1845.html",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-310"
},
"CVE-2012-0022": {
"id": "CVE-2012-0022",
"references": [
"http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.html",
"http://marc.info/?l=bugtraq&m=132871655717248&w=2",
"http://marc.info/?l=bugtraq&m=133294394108746&w=2",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0074.html",
"http://rhn.redhat.com/errata/RHSA-2012-0075.html",
"http://rhn.redhat.com/errata/RHSA-2012-0076.html",
"http://rhn.redhat.com/errata/RHSA-2012-0077.html",
"http://rhn.redhat.com/errata/RHSA-2012-0078.html",
"http://rhn.redhat.com/errata/RHSA-2012-0325.html",
"http://rhn.redhat.com/errata/RHSA-2012-0345.html",
"http://rhn.redhat.com/errata/RHSA-2012-1331.html",
"http://secunia.com/advisories/48213",
"http://secunia.com/advisories/48549",
"http://secunia.com/advisories/48790",
"http://secunia.com/advisories/48791",
"http://secunia.com/advisories/50863",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2012/dsa-2401",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:085",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"http://www.securityfocus.com/bid/51447",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/72425",
"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-189"
},
"CVE-2012-2733": {
"id": "CVE-2012-2733",
"references": [
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://secunia.com/advisories/51371",
"http://secunia.com/advisories/57126",
"http://svn.apache.org/viewvc?view=revision&revision=1350301",
"http://svn.apache.org/viewvc?view=revision&revision=1356208",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.securityfocus.com/bid/56402",
"http://www.securitytracker.com/id?1027729",
"http://www.ubuntu.com/usn/USN-1637-1",
"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2012-3544": {
"id": "CVE-2012-3544",
"references": [
"http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592&r2=1476591&pathrev=1476592",
"http://svn.apache.org/viewvc?view=revision&revision=1378702",
"http://svn.apache.org/viewvc?view=revision&revision=1378921",
"http://svn.apache.org/viewvc?view=revision&revision=1476592",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/59797",
"http://www.securityfocus.com/bid/64758",
"http://www.ubuntu.com/usn/USN-1841-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2012-3546": {
"id": "CVE-2012-3546",
"references": [
"http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html",
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0004.html",
"http://rhn.redhat.com/errata/RHSA-2013-0005.html",
"http://rhn.redhat.com/errata/RHSA-2013-0146.html",
"http://rhn.redhat.com/errata/RHSA-2013-0147.html",
"http://rhn.redhat.com/errata/RHSA-2013-0151.html",
"http://rhn.redhat.com/errata/RHSA-2013-0157.html",
"http://rhn.redhat.com/errata/RHSA-2013-0158.html",
"http://rhn.redhat.com/errata/RHSA-2013-0162.html",
"http://rhn.redhat.com/errata/RHSA-2013-0163.html",
"http://rhn.redhat.com/errata/RHSA-2013-0164.html",
"http://rhn.redhat.com/errata/RHSA-2013-0191.html",
"http://rhn.redhat.com/errata/RHSA-2013-0192.html",
"http://rhn.redhat.com/errata/RHSA-2013-0193.html",
"http://rhn.redhat.com/errata/RHSA-2013-0194.html",
"http://rhn.redhat.com/errata/RHSA-2013-0195.html",
"http://rhn.redhat.com/errata/RHSA-2013-0196.html",
"http://rhn.redhat.com/errata/RHSA-2013-0197.html",
"http://rhn.redhat.com/errata/RHSA-2013-0198.html",
"http://rhn.redhat.com/errata/RHSA-2013-0221.html",
"http://rhn.redhat.com/errata/RHSA-2013-0235.html",
"http://rhn.redhat.com/errata/RHSA-2013-0623.html",
"http://rhn.redhat.com/errata/RHSA-2013-0640.html",
"http://rhn.redhat.com/errata/RHSA-2013-0641.html",
"http://rhn.redhat.com/errata/RHSA-2013-0642.html",
"http://secunia.com/advisories/51984",
"http://secunia.com/advisories/52054",
"http://secunia.com/advisories/57126",
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892",
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892",
"http://svn.apache.org/viewvc?view=revision&revision=1377892",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.securityfocus.com/bid/56812",
"http://www.securitytracker.com/id?1027833",
"http://www.ubuntu.com/usn/USN-1685-1",
"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-264"
},
"CVE-2012-4431": {
"id": "CVE-2012-4431",
"references": [
"http://archives.neohapsis.com/archives/bugtraq/2012-12/0045.html",
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0267.html",
"http://rhn.redhat.com/errata/RHSA-2013-0268.html",
"http://rhn.redhat.com/errata/RHSA-2013-0647.html",
"http://rhn.redhat.com/errata/RHSA-2013-0648.html",
"http://rhn.redhat.com/errata/RHSA-2013-1437.html",
"http://rhn.redhat.com/errata/RHSA-2013-1853.html",
"http://secunia.com/advisories/57126",
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1393088&r2=1393087&pathrev=1393088",
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1393088&r2=1393087&pathrev=1393088",
"http://svn.apache.org/viewvc?view=revision&revision=1393088",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.securityfocus.com/bid/56814",
"http://www.securitytracker.com/id?1027834",
"http://www.ubuntu.com/usn/USN-1685-1",
"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18541"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-264"
},
"CVE-2012-4534": {
"id": "CVE-2012-4534",
"references": [
"http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0623.html",
"http://secunia.com/advisories/57126",
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218",
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218",
"http://svn.apache.org/viewvc?view=revision&revision=1340218",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.securityfocus.com/bid/56813",
"http://www.securitytracker.com/id?1027836",
"http://www.ubuntu.com/usn/USN-1685-1",
"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
"https://issues.apache.org/bugzilla/show_bug.cgi?id=52858",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398"
],
"score": 2.6,
"services": [
"444/http"
],
"severity": "low",
"summary": "org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.",
"vector_string": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2012-5885": {
"id": "CVE-2012-5885",
"references": [
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
"http://marc.info/?l=bugtraq&m=136485229118404&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0623.html",
"http://rhn.redhat.com/errata/RHSA-2013-0629.html",
"http://rhn.redhat.com/errata/RHSA-2013-0631.html",
"http://rhn.redhat.com/errata/RHSA-2013-0632.html",
"http://rhn.redhat.com/errata/RHSA-2013-0633.html",
"http://rhn.redhat.com/errata/RHSA-2013-0640.html",
"http://rhn.redhat.com/errata/RHSA-2013-0647.html",
"http://rhn.redhat.com/errata/RHSA-2013-0648.html",
"http://rhn.redhat.com/errata/RHSA-2013-0726.html",
"http://secunia.com/advisories/51371",
"http://svn.apache.org/viewvc?view=revision&revision=1377807",
"http://svn.apache.org/viewvc?view=revision&revision=1380829",
"http://svn.apache.org/viewvc?view=revision&revision=1392248",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
"http://www.securityfocus.com/bid/56403",
"http://www.ubuntu.com/usn/USN-1637-1",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/80408",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"weakness": "CWE-264"
},
"CVE-2012-5886": {
"id": "CVE-2012-5886",
"references": [
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
"http://rhn.redhat.com/errata/RHSA-2013-0623.html",
"http://rhn.redhat.com/errata/RHSA-2013-0629.html",
"http://rhn.redhat.com/errata/RHSA-2013-0631.html",
"http://rhn.redhat.com/errata/RHSA-2013-0632.html",
"http://rhn.redhat.com/errata/RHSA-2013-0633.html",
"http://rhn.redhat.com/errata/RHSA-2013-0640.html",
"http://rhn.redhat.com/errata/RHSA-2013-0647.html",
"http://rhn.redhat.com/errata/RHSA-2013-0648.html",
"http://rhn.redhat.com/errata/RHSA-2013-0726.html",
"http://secunia.com/advisories/51371",
"http://svn.apache.org/viewvc?view=revision&revision=1377807",
"http://svn.apache.org/viewvc?view=revision&revision=1380829",
"http://svn.apache.org/viewvc?view=revision&revision=1392248",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
"http://www.securityfocus.com/bid/56403",
"http://www.ubuntu.com/usn/USN-1637-1",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/80407"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "CWE-287"
},
"CVE-2012-5887": {
"id": "CVE-2012-5887",
"references": [
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
"http://rhn.redhat.com/errata/RHSA-2013-0623.html",
"http://rhn.redhat.com/errata/RHSA-2013-0629.html",
"http://rhn.redhat.com/errata/RHSA-2013-0631.html",
"http://rhn.redhat.com/errata/RHSA-2013-0632.html",
"http://rhn.redhat.com/errata/RHSA-2013-0633.html",
"http://rhn.redhat.com/errata/RHSA-2013-0640.html",
"http://rhn.redhat.com/errata/RHSA-2013-0647.html",
"http://rhn.redhat.com/errata/RHSA-2013-0648.html",
"http://rhn.redhat.com/errata/RHSA-2013-0726.html",
"http://secunia.com/advisories/51371",
"http://svn.apache.org/viewvc?view=revision&revision=1377807",
"http://svn.apache.org/viewvc?view=revision&revision=1380829",
"http://svn.apache.org/viewvc?view=revision&revision=1392248",
"http://tomcat.apache.org/security-5.html",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
"http://www.securityfocus.com/bid/56403",
"http://www.ubuntu.com/usn/USN-1637-1",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/79809"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "CWE-287"
},
"CVE-2013-2067": {
"id": "CVE-2013-2067",
"references": [
"http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html",
"http://rhn.redhat.com/errata/RHSA-2013-0833.html",
"http://rhn.redhat.com/errata/RHSA-2013-0834.html",
"http://rhn.redhat.com/errata/RHSA-2013-0839.html",
"http://rhn.redhat.com/errata/RHSA-2013-0964.html",
"http://rhn.redhat.com/errata/RHSA-2013-1437.html",
"http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891",
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044",
"http://svn.apache.org/viewvc?view=revision&revision=1408044",
"http://svn.apache.org/viewvc?view=revision&revision=1417891",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/59799",
"http://www.securityfocus.com/bid/64758",
"http://www.ubuntu.com/usn/USN-1841-1",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
],
"score": 6.8,
"services": [
"444/http"
],
"severity": "medium",
"summary": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"weakness": "CWE-287"
},
"CVE-2013-2185": {
"id": "CVE-2013-2185",
"references": [
"http://openwall.com/lists/oss-security/2014/10/24/12",
"http://rhn.redhat.com/errata/RHSA-2013-1193.html",
"http://rhn.redhat.com/errata/RHSA-2013-1194.html",
"http://rhn.redhat.com/errata/RHSA-2013-1265.html",
"http://www.openwall.com/lists/oss-security/2013/09/05/4"
],
"score": 7.5,
"services": [
"444/http"
],
"severity": "high",
"summary": "The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"weakness": "CWE-20"
},
"CVE-2013-4286": {
"id": "CVE-2013-4286",
"references": [
"http://advisories.mageia.org/MGASA-2014-0148.html",
"http://marc.info/?l=bugtraq&m=141390017113542&w=2",
"http://marc.info/?l=bugtraq&m=144498216801440&w=2",
"http://rhn.redhat.com/errata/RHSA-2014-0343.html",
"http://rhn.redhat.com/errata/RHSA-2014-0344.html",
"http://rhn.redhat.com/errata/RHSA-2014-0345.html",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://secunia.com/advisories/57675",
"http://secunia.com/advisories/59036",
"http://secunia.com/advisories/59675",
"http://secunia.com/advisories/59722",
"http://secunia.com/advisories/59724",
"http://secunia.com/advisories/59733",
"http://secunia.com/advisories/59873",
"http://svn.apache.org/viewvc?view=revision&revision=1521829",
"http://svn.apache.org/viewvc?view=revision&revision=1521854",
"http://svn.apache.org/viewvc?view=revision&revision=1552565",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21667883",
"http://www-01.ibm.com/support/docview.wss?uid=swg21675886",
"http://www-01.ibm.com/support/docview.wss?uid=swg21677147",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678113",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/65773",
"http://www.ubuntu.com/usn/USN-2130-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1069921",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://rhn.redhat.com/errata/RHSA-2014-0686.html"
],
"score": 5.8,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a \"Transfer-Encoding: chunked\" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"weakness": "CWE-20"
},
"CVE-2013-4322": {
"id": "CVE-2013-4322",
"references": [
"http://advisories.mageia.org/MGASA-2014-0148.html",
"http://marc.info/?l=bugtraq&m=144498216801440&w=2",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://secunia.com/advisories/59036",
"http://secunia.com/advisories/59675",
"http://secunia.com/advisories/59722",
"http://secunia.com/advisories/59724",
"http://secunia.com/advisories/59873",
"http://svn.apache.org/viewvc?view=revision&revision=1521834",
"http://svn.apache.org/viewvc?view=revision&revision=1521864",
"http://svn.apache.org/viewvc?view=revision&revision=1549522",
"http://svn.apache.org/viewvc?view=revision&revision=1549523",
"http://svn.apache.org/viewvc?view=revision&revision=1556540",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21667883",
"http://www-01.ibm.com/support/docview.wss?uid=swg21675886",
"http://www-01.ibm.com/support/docview.wss?uid=swg21677147",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678113",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/65767",
"http://www.ubuntu.com/usn/USN-2130-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0008.html",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1069905",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://rhn.redhat.com/errata/RHSA-2014-0686.html"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2013-4444": {
"id": "CVE-2013-4444",
"references": [
"http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html",
"http://marc.info/?l=bugtraq&m=144498216801440&w=2",
"http://openwall.com/lists/oss-security/2014/10/24/12",
"http://seclists.org/fulldisclosure/2021/Jan/23",
"http://tomcat.apache.org/security-7.html",
"http://www.debian.org/security/2016/dsa-3447",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.securityfocus.com/bid/69728",
"http://www.securitytracker.com/id/1030834",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
],
"score": 6.8,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"weakness": "CWE-94"
},
"CVE-2013-4590": {
"id": "CVE-2013-4590",
"references": [
"http://advisories.mageia.org/MGASA-2014-0148.html",
"http://marc.info/?l=bugtraq&m=144498216801440&w=2",
"http://secunia.com/advisories/59036",
"http://secunia.com/advisories/59722",
"http://secunia.com/advisories/59724",
"http://secunia.com/advisories/59873",
"http://svn.apache.org/viewvc?view=revision&revision=1549528",
"http://svn.apache.org/viewvc?view=revision&revision=1549529",
"http://svn.apache.org/viewvc?view=revision&revision=1558828",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21667883",
"http://www-01.ibm.com/support/docview.wss?uid=swg21675886",
"http://www-01.ibm.com/support/docview.wss?uid=swg21677147",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"http://www.securityfocus.com/bid/65768",
"http://www.vmware.com/security/advisories/VMSA-2014-0008.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1069911",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain \"Tomcat internals\" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2014-0075": {
"id": "CVE-2014-0075",
"references": [
"http://advisories.mageia.org/MGASA-2014-0268.html",
"http://linux.oracle.com/errata/ELSA-2014-0865.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=141390017113542&w=2",
"http://marc.info/?l=bugtraq&m=144498216801440&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-0675.html",
"http://rhn.redhat.com/errata/RHSA-2015-0720.html",
"http://rhn.redhat.com/errata/RHSA-2015-0765.html",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://secunia.com/advisories/59121",
"http://secunia.com/advisories/59616",
"http://secunia.com/advisories/59678",
"http://secunia.com/advisories/59732",
"http://secunia.com/advisories/59835",
"http://secunia.com/advisories/59849",
"http://secunia.com/advisories/59873",
"http://secunia.com/advisories/60729",
"http://secunia.com/advisories/60793",
"http://svn.apache.org/viewvc?view=revision&revision=1578337",
"http://svn.apache.org/viewvc?view=revision&revision=1578341",
"http://svn.apache.org/viewvc?view=revision&revision=1579262",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"http://www-01.ibm.com/support/docview.wss?uid=swg21680603",
"http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"http://www.debian.org/security/2016/dsa-3447",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084",
"http://www.novell.com/support/kb/doc.php?id=7010166",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/67671",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-189"
},
"CVE-2014-0096": {
"id": "CVE-2014-0096",
"references": [
"http://advisories.mageia.org/MGASA-2014-0268.html",
"http://linux.oracle.com/errata/ELSA-2014-0865.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=144498216801440&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-0675.html",
"http://rhn.redhat.com/errata/RHSA-2015-0720.html",
"http://rhn.redhat.com/errata/RHSA-2015-0765.html",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://seclists.org/fulldisclosure/2014/May/135",
"http://secunia.com/advisories/59121",
"http://secunia.com/advisories/59616",
"http://secunia.com/advisories/59678",
"http://secunia.com/advisories/59732",
"http://secunia.com/advisories/59835",
"http://secunia.com/advisories/59849",
"http://secunia.com/advisories/59873",
"http://secunia.com/advisories/60729",
"http://svn.apache.org/viewvc?view=revision&revision=1578610",
"http://svn.apache.org/viewvc?view=revision&revision=1578611",
"http://svn.apache.org/viewvc?view=revision&revision=1578637",
"http://svn.apache.org/viewvc?view=revision&revision=1578655",
"http://svn.apache.org/viewvc?view=revision&revision=1585853",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.debian.org/security/2016/dsa-3552",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084",
"http://www.novell.com/support/kb/doc.php?id=7010166",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/67667",
"http://www.securitytracker.com/id/1030301",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-264"
},
"CVE-2014-0099": {
"id": "CVE-2014-0099",
"references": [
"http://advisories.mageia.org/MGASA-2014-0268.html",
"http://linux.oracle.com/errata/ELSA-2014-0865.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=141390017113542&w=2",
"http://marc.info/?l=bugtraq&m=144498216801440&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-0675.html",
"http://rhn.redhat.com/errata/RHSA-2015-0720.html",
"http://rhn.redhat.com/errata/RHSA-2015-0765.html",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://seclists.org/fulldisclosure/2014/May/138",
"http://seclists.org/fulldisclosure/2014/May/140",
"http://secunia.com/advisories/59121",
"http://secunia.com/advisories/59678",
"http://secunia.com/advisories/59732",
"http://secunia.com/advisories/59835",
"http://secunia.com/advisories/59849",
"http://secunia.com/advisories/59873",
"http://secunia.com/advisories/60729",
"http://secunia.com/advisories/60793",
"http://svn.apache.org/viewvc?view=revision&revision=1578812",
"http://svn.apache.org/viewvc?view=revision&revision=1578814",
"http://svn.apache.org/viewvc?view=revision&revision=1580473",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"http://www-01.ibm.com/support/docview.wss?uid=swg21680603",
"http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"http://www.debian.org/security/2016/dsa-3447",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.securityfocus.com/archive/1/532218/100/0/threaded",
"http://www.securityfocus.com/archive/1/532221/100/0/threaded",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/67668",
"http://www.securitytracker.com/id/1030302",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-189"
},
"CVE-2014-0119": {
"id": "CVE-2014-0119",
"references": [
"http://advisories.mageia.org/MGASA-2014-0268.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=144498216801440&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-0675.html",
"http://rhn.redhat.com/errata/RHSA-2015-0720.html",
"http://rhn.redhat.com/errata/RHSA-2015-0765.html",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://seclists.org/fulldisclosure/2014/May/141",
"http://secunia.com/advisories/59732",
"http://secunia.com/advisories/59873",
"http://secunia.com/advisories/60729",
"http://svn.apache.org/viewvc?view=revision&revision=1588193",
"http://svn.apache.org/viewvc?view=revision&revision=1588199",
"http://svn.apache.org/viewvc?view=revision&revision=1589640",
"http://svn.apache.org/viewvc?view=revision&revision=1589837",
"http://svn.apache.org/viewvc?view=revision&revision=1589980",
"http://svn.apache.org/viewvc?view=revision&revision=1589983",
"http://svn.apache.org/viewvc?view=revision&revision=1589985",
"http://svn.apache.org/viewvc?view=revision&revision=1589990",
"http://svn.apache.org/viewvc?view=revision&revision=1589992",
"http://svn.apache.org/viewvc?view=revision&revision=1589997",
"http://svn.apache.org/viewvc?view=revision&revision=1590028",
"http://svn.apache.org/viewvc?view=revision&revision=1590036",
"http://svn.apache.org/viewvc?view=revision&revision=1593815",
"http://svn.apache.org/viewvc?view=revision&revision=1593821",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.debian.org/security/2016/dsa-3552",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/67669",
"http://www.securitytracker.com/id/1030298",
"http://www.ubuntu.com/usn/USN-2654-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-264"
},
"CVE-2014-0227": {
"id": "CVE-2014-0227",
"references": [
"http://advisories.mageia.org/MGASA-2015-0081.html",
"http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html",
"http://marc.info/?l=bugtraq&m=143393515412274&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-0675.html",
"http://rhn.redhat.com/errata/RHSA-2015-0720.html",
"http://rhn.redhat.com/errata/RHSA-2015-0765.html",
"http://rhn.redhat.com/errata/RHSA-2015-0983.html",
"http://rhn.redhat.com/errata/RHSA-2015-0991.html",
"http://svn.apache.org/viewvc?view=revision&revision=1600984",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www.debian.org/security/2016/dsa-3447",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.securityfocus.com/bid/72717",
"http://www.securitytracker.com/id/1032791",
"http://www.ubuntu.com/usn/USN-2654-1",
"http://www.ubuntu.com/usn/USN-2655-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=1109196",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://source.jboss.org/changelog/JBossWeb?cs=2455"
],
"score": 6.4,
"services": [
"444/http"
],
"severity": "medium",
"summary": "java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"weakness": "CWE-19"
},
"CVE-2014-0230": {
"id": "CVE-2014-0230",
"references": [
"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E",
"http://marc.info/?l=bugtraq&m=144498216801440&w=2",
"http://marc.info/?l=bugtraq&m=145974991225029&w=2",
"http://openwall.com/lists/oss-security/2015/04/10/1",
"http://rhn.redhat.com/errata/RHSA-2015-1621.html",
"http://rhn.redhat.com/errata/RHSA-2015-1622.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0595.html",
"http://rhn.redhat.com/errata/RHSA-2016-0596.html",
"http://rhn.redhat.com/errata/RHSA-2016-0597.html",
"http://rhn.redhat.com/errata/RHSA-2016-0598.html",
"http://rhn.redhat.com/errata/RHSA-2016-0599.html",
"http://svn.apache.org/viewvc?view=revision&revision=1603770",
"http://svn.apache.org/viewvc?view=revision&revision=1603775",
"http://svn.apache.org/viewvc?view=revision&revision=1603779",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www.debian.org/security/2016/dsa-3447",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.securityfocus.com/bid/74475",
"http://www.ubuntu.com/usn/USN-2654-1",
"http://www.ubuntu.com/usn/USN-2655-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
"https://issues.jboss.org/browse/JWS-219",
"https://issues.jboss.org/browse/JWS-220",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
],
"score": 7.8,
"services": [
"444/http"
],
"severity": "high",
"summary": "Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"weakness": "CWE-399"
},
"CVE-2014-7810": {
"id": "CVE-2014-7810",
"references": [
"http://marc.info/?l=bugtraq&m=145974991225029&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1621.html",
"http://rhn.redhat.com/errata/RHSA-2015-1622.html",
"http://rhn.redhat.com/errata/RHSA-2016-0492.html",
"http://rhn.redhat.com/errata/RHSA-2016-2046.html",
"http://svn.apache.org/viewvc?view=revision&revision=1644018",
"http://svn.apache.org/viewvc?view=revision&revision=1645642",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www.debian.org/security/2015/dsa-3428",
"http://www.debian.org/security/2016/dsa-3447",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"http://www.securityfocus.com/bid/74665",
"http://www.securitytracker.com/id/1032330",
"http://www.ubuntu.com/usn/USN-2654-1",
"http://www.ubuntu.com/usn/USN-2655-1",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
],
"score": 5,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "CWE-284"
},
"CVE-2015-5174": {
"id": "CVE-2015-5174",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
"http://marc.info/?l=bugtraq&m=145974991225029&w=2",
"http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html",
"http://rhn.redhat.com/errata/RHSA-2016-1435.html",
"http://rhn.redhat.com/errata/RHSA-2016-2045.html",
"http://rhn.redhat.com/errata/RHSA-2016-2599.html",
"http://seclists.org/bugtraq/2016/Feb/149",
"http://svn.apache.org/viewvc?view=revision&revision=1696281",
"http://svn.apache.org/viewvc?view=revision&revision=1696284",
"http://svn.apache.org/viewvc?view=revision&revision=1700897",
"http://svn.apache.org/viewvc?view=revision&revision=1700898",
"http://svn.apache.org/viewvc?view=revision&revision=1700900",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.debian.org/security/2016/dsa-3552",
"http://www.debian.org/security/2016/dsa-3609",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"http://www.securityfocus.com/bid/83329",
"http://www.securitytracker.com/id/1035070",
"http://www.ubuntu.com/usn/USN-3024-1",
"https://access.redhat.com/errata/RHSA-2016:1432",
"https://access.redhat.com/errata/RHSA-2016:1433",
"https://access.redhat.com/errata/RHSA-2016:1434",
"https://bto.bluecoat.com/security-advisory/sa118",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E",
"https://security.gentoo.org/glsa/201705-09",
"https://security.netapp.com/advisory/ntap-20180531-0001/"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-22"
},
"CVE-2015-5345": {
"id": "CVE-2015-5345",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
"http://marc.info/?l=bugtraq&m=145974991225029&w=2",
"http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html",
"http://rhn.redhat.com/errata/RHSA-2016-1089.html",
"http://rhn.redhat.com/errata/RHSA-2016-2045.html",
"http://rhn.redhat.com/errata/RHSA-2016-2599.html",
"http://seclists.org/bugtraq/2016/Feb/146",
"http://seclists.org/fulldisclosure/2016/Feb/122",
"http://svn.apache.org/viewvc?view=revision&revision=1715206",
"http://svn.apache.org/viewvc?view=revision&revision=1715207",
"http://svn.apache.org/viewvc?view=revision&revision=1715213",
"http://svn.apache.org/viewvc?view=revision&revision=1715216",
"http://svn.apache.org/viewvc?view=revision&revision=1716882",
"http://svn.apache.org/viewvc?view=revision&revision=1716894",
"http://svn.apache.org/viewvc?view=revision&revision=1717209",
"http://svn.apache.org/viewvc?view=revision&revision=1717212",
"http://svn.apache.org/viewvc?view=revision&revision=1717216",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://tomcat.apache.org/security-9.html",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.debian.org/security/2016/dsa-3552",
"http://www.debian.org/security/2016/dsa-3609",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html",
"http://www.securityfocus.com/bid/83328",
"http://www.securitytracker.com/id/1035071",
"http://www.ubuntu.com/usn/USN-3024-1",
"https://access.redhat.com/errata/RHSA-2016:1087",
"https://access.redhat.com/errata/RHSA-2016:1088",
"https://bto.bluecoat.com/security-advisory/sa118",
"https://bz.apache.org/bugzilla/show_bug.cgi?id=58765",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10156",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.gentoo.org/glsa/201705-09",
"https://security.netapp.com/advisory/ntap-20180531-0001/"
],
"score": 5.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-22"
},
"CVE-2016-0706": {
"id": "CVE-2016-0706",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
"http://marc.info/?l=bugtraq&m=145974991225029&w=2",
"http://rhn.redhat.com/errata/RHSA-2016-1089.html",
"http://rhn.redhat.com/errata/RHSA-2016-2045.html",
"http://rhn.redhat.com/errata/RHSA-2016-2599.html",
"http://rhn.redhat.com/errata/RHSA-2016-2807.html",
"http://rhn.redhat.com/errata/RHSA-2016-2808.html",
"http://seclists.org/bugtraq/2016/Feb/144",
"http://svn.apache.org/viewvc?view=revision&revision=1722799",
"http://svn.apache.org/viewvc?view=revision&revision=1722800",
"http://svn.apache.org/viewvc?view=revision&revision=1722801",
"http://svn.apache.org/viewvc?view=revision&revision=1722802",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://tomcat.apache.org/security-9.html",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.debian.org/security/2016/dsa-3552",
"http://www.debian.org/security/2016/dsa-3609",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"http://www.securityfocus.com/bid/83324",
"http://www.securitytracker.com/id/1035069",
"http://www.ubuntu.com/usn/USN-3024-1",
"https://access.redhat.com/errata/RHSA-2016:1087",
"https://access.redhat.com/errata/RHSA-2016:1088",
"https://bto.bluecoat.com/security-advisory/sa118",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.gentoo.org/glsa/201705-09",
"https://security.netapp.com/advisory/ntap-20180531-0001/"
],
"score": 4.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2016-0762": {
"id": "CVE-2016-0762",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-0457.html",
"http://www.debian.org/security/2016/dsa-3720",
"http://www.securityfocus.com/bid/93939",
"http://www.securitytracker.com/id/1037144",
"https://access.redhat.com/errata/RHSA-2017:0455",
"https://access.redhat.com/errata/RHSA-2017:0456",
"https://access.redhat.com/errata/RHSA-2017:2247",
"https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180605-0001/",
"https://usn.ubuntu.com/4557-1/",
"https://www.oracle.com//security-alerts/cpujul2021.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 5.9,
"services": [
"444/http"
],
"severity": "medium",
"summary": "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-203"
},
"CVE-2016-20012": {
"id": "CVE-2016-20012",
"references": [
"https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265",
"https://github.com/openssh/openssh-portable/pull/270",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185",
"https://rushter.com/blog/public-ssh-keys/",
"https://security.netapp.com/advisory/ntap-20211014-0005/",
"https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak",
"https://www.openwall.com/lists/oss-security/2018/08/24/1"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "NVD-CWE-Other"
},
"CVE-2016-5018": {
"id": "CVE-2016-5018",
"references": [
"http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html",
"http://rhn.redhat.com/errata/RHSA-2017-0457.html",
"http://rhn.redhat.com/errata/RHSA-2017-1551.html",
"http://www.debian.org/security/2016/dsa-3720",
"http://www.securityfocus.com/bid/93942",
"http://www.securitytracker.com/id/1037142",
"http://www.securitytracker.com/id/1038757",
"https://access.redhat.com/errata/RHSA-2017:0455",
"https://access.redhat.com/errata/RHSA-2017:0456",
"https://access.redhat.com/errata/RHSA-2017:1548",
"https://access.redhat.com/errata/RHSA-2017:1549",
"https://access.redhat.com/errata/RHSA-2017:1550",
"https://access.redhat.com/errata/RHSA-2017:1552",
"https://access.redhat.com/errata/RHSA-2017:2247",
"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180605-0001/",
"https://usn.ubuntu.com/4557-1/",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 9.1,
"services": [
"444/http"
],
"severity": "critical",
"summary": "In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2016-5388": {
"id": "CVE-2016-5388",
"references": [
"http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html",
"http://rhn.redhat.com/errata/RHSA-2016-1624.html",
"http://rhn.redhat.com/errata/RHSA-2016-2045.html",
"http://rhn.redhat.com/errata/RHSA-2016-2046.html",
"http://www.kb.cert.org/vuls/id/797896",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"http://www.securityfocus.com/bid/91818",
"http://www.securitytracker.com/id/1036331",
"https://access.redhat.com/errata/RHSA-2016:1635",
"https://access.redhat.com/errata/RHSA-2016:1636",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://httpoxy.org/",
"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E",
"https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E",
"https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E",
"https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html",
"https://tomcat.apache.org/tomcat-7.0-doc/changelog.html",
"https://www.apache.org/security/asf-httpoxy-response.txt"
],
"score": 8.1,
"services": [
"444/http"
],
"severity": "high",
"summary": "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-284"
},
"CVE-2016-6794": {
"id": "CVE-2016-6794",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-0457.html",
"http://www.debian.org/security/2016/dsa-3720",
"http://www.securityfocus.com/bid/93943",
"http://www.securitytracker.com/id/1037143",
"https://access.redhat.com/errata/RHSA-2017:0455",
"https://access.redhat.com/errata/RHSA-2017:0456",
"https://access.redhat.com/errata/RHSA-2017:2247",
"https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb%40%3Cannounce.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180605-0001/",
"https://usn.ubuntu.com/4557-1/",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 5.3,
"services": [
"444/http"
],
"severity": "medium",
"summary": "When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2016-6796": {
"id": "CVE-2016-6796",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-0457.html",
"http://rhn.redhat.com/errata/RHSA-2017-1551.html",
"http://www.debian.org/security/2016/dsa-3720",
"http://www.securityfocus.com/bid/93944",
"http://www.securitytracker.com/id/1037141",
"http://www.securitytracker.com/id/1038757",
"https://access.redhat.com/errata/RHSA-2017:0455",
"https://access.redhat.com/errata/RHSA-2017:0456",
"https://access.redhat.com/errata/RHSA-2017:1548",
"https://access.redhat.com/errata/RHSA-2017:1549",
"https://access.redhat.com/errata/RHSA-2017:1550",
"https://access.redhat.com/errata/RHSA-2017:1552",
"https://access.redhat.com/errata/RHSA-2017:2247",
"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45%40%3Cannounce.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180605-0001/",
"https://usn.ubuntu.com/4557-1/",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 7.5,
"services": [
"444/http"
],
"severity": "high",
"summary": "A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2016-6797": {
"id": "CVE-2016-6797",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-0457.html",
"http://www.debian.org/security/2016/dsa-3720",
"http://www.securityfocus.com/bid/93940",
"http://www.securitytracker.com/id/1037145",
"https://access.redhat.com/errata/RHSA-2017:0455",
"https://access.redhat.com/errata/RHSA-2017:0456",
"https://access.redhat.com/errata/RHSA-2017:2247",
"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352%40%3Cannounce.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180605-0001/",
"https://usn.ubuntu.com/4557-1/",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 7.5,
"services": [
"444/http"
],
"severity": "high",
"summary": "The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-863"
},
"CVE-2016-6816": {
"id": "CVE-2016-6816",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-0244.html",
"http://rhn.redhat.com/errata/RHSA-2017-0245.html",
"http://rhn.redhat.com/errata/RHSA-2017-0246.html",
"http://rhn.redhat.com/errata/RHSA-2017-0247.html",
"http://rhn.redhat.com/errata/RHSA-2017-0250.html",
"http://rhn.redhat.com/errata/RHSA-2017-0457.html",
"http://rhn.redhat.com/errata/RHSA-2017-0527.html",
"http://www.debian.org/security/2016/dsa-3738",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/94461",
"http://www.securitytracker.com/id/1037332",
"https://access.redhat.com/errata/RHSA-2017:0455",
"https://access.redhat.com/errata/RHSA-2017:0456",
"https://access.redhat.com/errata/RHSA-2017:0935",
"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180607-0001/",
"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13",
"https://usn.ubuntu.com/4557-1/",
"https://www.exploit-db.com/exploits/41783/"
],
"score": 7.1,
"services": [
"444/http"
],
"severity": "high",
"summary": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"weakness": "CWE-20"
},
"CVE-2016-8735": {
"id": "CVE-2016-8735",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-0457.html",
"http://seclists.org/oss-sec/2016/q4/502",
"http://svn.apache.org/viewvc?view=revision&revision=1767644",
"http://svn.apache.org/viewvc?view=revision&revision=1767656",
"http://svn.apache.org/viewvc?view=revision&revision=1767676",
"http://svn.apache.org/viewvc?view=revision&revision=1767684",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://tomcat.apache.org/security-9.html",
"http://www.debian.org/security/2016/dsa-3738",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/94463",
"http://www.securitytracker.com/id/1037331",
"https://access.redhat.com/errata/RHSA-2017:0455",
"https://access.redhat.com/errata/RHSA-2017:0456",
"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180607-0001/",
"https://usn.ubuntu.com/4557-1/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
],
"score": 9.8,
"services": [
"444/http"
],
"severity": "critical",
"summary": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2017-15906": {
"id": "CVE-2017-15906",
"references": [
"http://www.securityfocus.com/bid/101552",
"https://access.redhat.com/errata/RHSA-2018:0980",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201801-05",
"https://security.netapp.com/advisory/ntap-20180423-0004/",
"https://www.openssh.com/txt/release-7.6",
"https://www.oracle.com/security-alerts/cpujan2020.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-732"
},
"CVE-2017-5647": {
"id": "CVE-2017-5647",
"references": [
"http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt",
"http://www.debian.org/security/2017/dsa-3842",
"http://www.debian.org/security/2017/dsa-3843",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.securitytracker.com/id/1038218",
"https://access.redhat.com/errata/RHSA-2017:1801",
"https://access.redhat.com/errata/RHSA-2017:1802",
"https://access.redhat.com/errata/RHSA-2017:2493",
"https://access.redhat.com/errata/RHSA-2017:2494",
"https://access.redhat.com/errata/RHSA-2017:3080",
"https://access.redhat.com/errata/RHSA-2017:3081",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us",
"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a%40%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"https://security.gentoo.org/glsa/201705-09",
"https://security.netapp.com/advisory/ntap-20180614-0001/",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
],
"score": 7.5,
"services": [
"444/http"
],
"severity": "high",
"summary": "A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2018-15473": {
"id": "CVE-2018-15473",
"references": [
"http://www.openwall.com/lists/oss-security/2018/08/15/5",
"http://www.securityfocus.com/bid/105140",
"http://www.securitytracker.com/id/1041487",
"https://access.redhat.com/errata/RHSA-2019:0711",
"https://access.redhat.com/errata/RHSA-2019:2143",
"https://bugs.debian.org/906236",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011",
"https://security.gentoo.org/glsa/201810-03",
"https://security.netapp.com/advisory/ntap-20181101-0001/",
"https://usn.ubuntu.com/3809-1/",
"https://www.debian.org/security/2018/dsa-4280",
"https://www.exploit-db.com/exploits/45210/",
"https://www.exploit-db.com/exploits/45233/",
"https://www.exploit-db.com/exploits/45939/",
"https://www.oracle.com/security-alerts/cpujan2020.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-362"
},
"CVE-2018-15919": {
"id": "CVE-2018-15919",
"references": [
"http://seclists.org/oss-sec/2018/q3/180",
"http://www.securityfocus.com/bid/105163",
"https://security.netapp.com/advisory/ntap-20181221-0001/"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2018-20685": {
"id": "CVE-2018-20685",
"references": [
"http://www.securityfocus.com/bid/106531",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://security.gentoo.org/glsa/201903-16",
"https://security.gentoo.org/glsa/202007-53",
"https://security.netapp.com/advisory/ntap-20190215-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"weakness": "CWE-863"
},
"CVE-2019-6109": {
"id": "CVE-2019-6109",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.8,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"weakness": "CWE-116"
},
"CVE-2019-6110": {
"id": "CVE-2019-6110",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://www.exploit-db.com/exploits/46193/"
],
"score": 6.8,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"weakness": "CWE-838"
},
"CVE-2019-6111": {
"id": "CVE-2019-6111",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"http://www.openwall.com/lists/oss-security/2019/04/18/1",
"http://www.openwall.com/lists/oss-security/2022/08/02/1",
"http://www.securityfocus.com/bid/106741",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://usn.ubuntu.com/3885-2/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.exploit-db.com/exploits/46193/",
"https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-22"
},
"CVE-2020-14145": {
"id": "CVE-2020-14145",
"references": [
"http://www.openwall.com/lists/oss-security/2020/12/02/1",
"https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
"https://docs.ssh-mitm.at/CVE-2020-14145.html",
"https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
"https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
"https://security.gentoo.org/glsa/202105-35",
"https://security.netapp.com/advisory/ntap-20200709-0004/",
"https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-203"
},
"CVE-2020-15778": {
"id": "CVE-2020-15778",
"references": [
"https://access.redhat.com/errata/RHSA-2024:3166",
"https://github.com/cpandya2909/CVE-2020-15778/",
"https://news.ycombinator.com/item?id=25005567",
"https://security.gentoo.org/glsa/202212-06",
"https://security.netapp.com/advisory/ntap-20200731-0007/",
"https://www.openssh.com/security.html"
],
"score": 7.8,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"weakness": "CWE-78"
},
"CVE-2020-8022": {
"id": "CVE-2020-8022",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html",
"https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E",
"https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E",
"https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E"
],
"score": 7.8,
"services": [
"444/http"
],
"severity": "high",
"summary": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-276"
},
"CVE-2021-36368": {
"id": "CVE-2021-36368",
"references": [
"https://bugzilla.mindrot.org/show_bug.cgi?id=3316",
"https://docs.ssh-mitm.at/trivialauth.html",
"https://github.com/openssh/openssh-portable/pull/258",
"https://security-tracker.debian.org/tracker/CVE-2021-36368",
"https://www.openssh.com/security.html"
],
"score": 3.7,
"services": [
"22/ssh"
],
"severity": "low",
"summary": "An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is \"this is not an authentication bypass, since nothing is being bypassed.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-287"
},
"CVE-2021-41617": {
"id": "CVE-2021-41617",
"references": [
"https://bugzilla.suse.com/show_bug.cgi?id=1190975",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/",
"https://security.netapp.com/advisory/ntap-20211014-0004/",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-8.8",
"https://www.openwall.com/lists/oss-security/2021/09/26/1",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.starwindsoftware.com/security/sw-20220805-0001/",
"https://www.tenable.com/plugins/nessus/154174"
],
"score": 7,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
"vector_string": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-Other"
},
"CVE-2022-3424": {
"id": "CVE-2022-3424",
"references": [
"https://bugzilla.redhat.com/show_bug.cgi?id=2132640",
"https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc",
"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html",
"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html",
"https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com/",
"https://security.netapp.com/advisory/ntap-20230406-0005/",
"https://www.spinics.net/lists/kernel/msg4518970.html"
],
"score": 7.8,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-416"
},
"CVE-2022-3707": {
"id": "CVE-2022-3707",
"references": [
"https://bugzilla.redhat.com/show_bug.cgi?id=2137979",
"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html",
"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html",
"https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz%40163.com/"
],
"score": 5.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-415"
},
"CVE-2023-0030": {
"id": "CVE-2023-0030",
"references": [
"https://bugzilla.redhat.com/show_bug.cgi?id=2157270",
"https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10",
"https://security.netapp.com/advisory/ntap-20230413-0010/"
],
"score": 7.8,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-416"
},
"CVE-2023-1390": {
"id": "CVE-2023-1390",
"references": [
"https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5",
"https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6",
"https://infosec.exchange/%40_mattata/109427999461122360",
"https://security.netapp.com/advisory/ntap-20230420-0001/"
],
"score": 7.5,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "NVD-CWE-Other"
},
"CVE-2023-38408": {
"id": "CVE-2023-38408",
"references": [
"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"http://www.openwall.com/lists/oss-security/2023/07/20/1",
"http://www.openwall.com/lists/oss-security/2023/07/20/2",
"http://www.openwall.com/lists/oss-security/2023/09/22/11",
"http://www.openwall.com/lists/oss-security/2023/09/22/9",
"https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent",
"https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8",
"https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d",
"https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca",
"https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/",
"https://news.ycombinator.com/item?id=36790196",
"https://security.gentoo.org/glsa/202307-01",
"https://security.netapp.com/advisory/ntap-20230803-0010/",
"https://support.apple.com/kb/HT213940",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-9.3p2",
"https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt",
"https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408"
],
"score": 9.8,
"services": [
"22/ssh"
],
"severity": "critical",
"summary": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-428"
},
"CVE-2023-48795": {
"id": "CVE-2023-48795",
"references": [
"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/18/3",
"http://www.openwall.com/lists/oss-security/2023/12/19/5",
"http://www.openwall.com/lists/oss-security/2023/12/20/3",
"http://www.openwall.com/lists/oss-security/2024/03/06/3",
"http://www.openwall.com/lists/oss-security/2024/04/17/8",
"https://access.redhat.com/security/cve/cve-2023-48795",
"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
"https://bugs.gentoo.org/920280",
"https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
"https://bugzilla.suse.com/show_bug.cgi?id=1217950",
"https://crates.io/crates/thrussh/versions",
"https://filezilla-project.org/versions.php",
"https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
"https://github.com/NixOS/nixpkgs/pull/275249",
"https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
"https://github.com/advisories/GHSA-45x7-px36-x8w8",
"https://github.com/apache/mina-sshd/issues/445",
"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
"https://github.com/cyd01/KiTTY/issues/520",
"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
"https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"https://github.com/hierynomus/sshj/issues/916",
"https://github.com/janmojzis/tinyssh/issues/81",
"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
"https://github.com/libssh2/libssh2/pull/1291",
"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
"https://github.com/mwiede/jsch/issues/457",
"https://github.com/mwiede/jsch/pull/461",
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
"https://github.com/openssh/openssh-portable/commits/master",
"https://github.com/paramiko/paramiko/issues/2337",
"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/issues/456",
"https://github.com/rapier1/hpn-ssh/releases",
"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
"https://github.com/ronf/asyncssh/tags",
"https://github.com/ssh-mitm/ssh-mitm/issues/165",
"https://github.com/warp-tech/russh/releases/tag/v0.40.2",
"https://gitlab.com/libssh/libssh-mirror/-/tags",
"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
"https://help.panic.com/releasenotes/transmit5/",
"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
"https://matt.ucc.asn.au/dropbear/CHANGES",
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
"https://news.ycombinator.com/item?id=38684904",
"https://news.ycombinator.com/item?id=38685286",
"https://news.ycombinator.com/item?id=38732005",
"https://nova.app/releases/#v11.8",
"https://oryx-embedded.com/download/#changelog",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
"https://roumenpetrov.info/secsh/#news20231220",
"https://security-tracker.debian.org/tracker/CVE-2023-48795",
"https://security-tracker.debian.org/tracker/source-package/libssh2",
"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
"https://security.gentoo.org/glsa/202312-16",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0004/",
"https://support.apple.com/kb/HT214084",
"https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"https://twitter.com/TrueSkrillor/status/1736774389725565005",
"https://ubuntu.com/security/CVE-2023-48795",
"https://winscp.net/eng/docs/history#6.2.2",
"https://www.bitvise.com/ssh-client-version-history#933",
"https://www.bitvise.com/ssh-server-version-history",
"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.debian.org/security/2023/dsa-5588",
"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
"https://www.netsarang.com/en/xshell-update-history/",
"https://www.openssh.com/openbsd.html",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"https://www.openwall.com/lists/oss-security/2023/12/20/3",
"https://www.paramiko.org/changelog.html",
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
"https://www.terrapin-attack.com",
"https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
"https://www.vandyke.com/products/securecrt/history.txt"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-354"
},
"CVE-2023-51384": {
"id": "CVE-2023-51384",
"references": [
"http://seclists.org/fulldisclosure/2024/Mar/21",
"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2"
],
"score": 5.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2023-51385": {
"id": "CVE-2023-51385",
"references": [
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/26/4",
"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2"
],
"score": 6.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"weakness": "CWE-78"
},
"CVE-2023-51767": {
"id": "CVE-2023-51767",
"references": [
"https://access.redhat.com/security/cve/CVE-2023-51767",
"https://arxiv.org/abs/2309.02545",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255850",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878",
"https://security.netapp.com/advisory/ntap-20240125-0006/",
"https://ubuntu.com/security/CVE-2023-51767"
],
"score": 7,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.",
"vector_string": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-Other"
}
}
}