[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2011-2526":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":531,"aliases":532,"duplicate_of":9,"upstream":534,"downstream":535,"duplicates":548,"related":549,"reserved_at":9,"published_at":550,"modified_at":551,"state":552,"summary":553,"references_raw":562,"kevs":814,"epss":815,"epss_history":818,"metrics":1077,"affected":1082},"CVE-2011-2526","Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-20","Improper Input Validation","The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,232,236,240,244,248,252,256,260,264,268,272,276,280,284,325,329,333,381,385,389,393,397,401,451,455,459,463,467,471,475,479,483,487,491,495,499,503,507,511,515,519,523,527],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-101","Server Side Include (SSI) Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-104","Cross Zone Scripting",[],{"id":33,"name":34,"techniques":35},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-109","Object Relational Mapping Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-110","SQL Injection through 
SOAP Parameter Tampering",[],{"id":45,"name":46,"techniques":47},"CAPEC-120","Double Encoding",[],{"id":49,"name":50,"techniques":51},"CAPEC-13","Subverting Environment Variable Values",[52,150,192],{"id":53,"name":54,"tactics":55,"countermeasures":62},"T1562.003","Impair Command History Logging",[56,59],{"id":57,"name":58},"TA0030","Defense Evasion",{"id":60,"name":61},"TA0005","Stealth",[63,68,73,77,81,85,90,94,99,104,108,112,117,121,126,130,134,138,142,146],{"id":64,"name":65,"tactic":66},"D3-CI","Configuration Inventory",{"name":67},"Model",{"id":69,"name":70,"tactic":71},"D3-FA","File Analysis",{"name":72},"Detect",{"id":74,"name":75,"tactic":76},"D3-FIM","File Integrity Monitoring",{"name":72},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":72},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":72},{"id":86,"name":87,"tactic":88},"D3-FEV","File Eviction",{"name":89},"Evict",{"id":91,"name":92,"tactic":93},"D3-RKD","Registry Key Deletion",{"name":89},{"id":95,"name":96,"tactic":97},"D3-DF","Decoy File",{"name":98},"Deceive",{"id":100,"name":101,"tactic":102},"D3-DRA","Disable Remote Access",{"name":103},"Harden",{"id":105,"name":106,"tactic":107},"D3-ACH","Application Configuration Hardening",{"name":103},{"id":109,"name":110,"tactic":111},"D3-FE","File Encryption",{"name":103},{"id":113,"name":114,"tactic":115},"D3-RC","Restore Configuration",{"name":116},"Restore",{"id":118,"name":119,"tactic":120},"D3-RF","Restore File",{"name":116},{"id":122,"name":123,"tactic":124},"D3-CQ","Content Quarantine",{"name":125},"Isolate",{"id":127,"name":128,"tactic":129},"D3-CF","Content Filtering",{"name":125},{"id":131,"name":132,"tactic":133},"D3-LFP","Local File Permissions",{"name":125},{"id":135,"name":136,"tactic":137},"D3-RFAM","Remote File Access Mediation",{"name":125},{"id":139,"name":140,"tactic":141},"D3-CM","Content Modification",{"name":125},{"id":143,"name":144,"tactic":145},"D3-EAL","Executable 
Allowlisting",{"name":125},{"id":147,"name":148,"tactic":149},"D3-EDL","Executable Denylisting",{"name":125},{"id":151,"name":152,"tactics":153,"countermeasures":165},"T1574.006","Dynamic Linker Hijacking",[154,157,160,161,162],{"id":155,"name":156},"TA0110","Persistence",{"id":158,"name":159},"TA0111","Privilege Escalation",{"id":57,"name":58},{"id":60,"name":61},{"id":163,"name":164},"TA0104","Execution",[166,170,172,174,176,178,180,182,184,186,188,190],{"id":167,"name":168,"tactic":169},"D3-SFA","System File Analysis",{"name":72},{"id":69,"name":70,"tactic":171},{"name":72},{"id":74,"name":75,"tactic":173},{"name":72},{"id":86,"name":87,"tactic":175},{"name":89},{"id":95,"name":96,"tactic":177},{"name":98},{"id":109,"name":110,"tactic":179},{"name":103},{"id":118,"name":119,"tactic":181},{"name":116},{"id":127,"name":128,"tactic":183},{"name":125},{"id":131,"name":132,"tactic":185},{"name":125},{"id":135,"name":136,"tactic":187},{"name":125},{"id":122,"name":123,"tactic":189},{"name":125},{"id":139,"name":140,"tactic":191},{"name":125},{"id":193,"name":194,"tactics":195,"countermeasures":201},"T1574.007","Path Interception by PATH Environment 
Variable",[196,197,198,199,200],{"id":155,"name":156},{"id":158,"name":159},{"id":57,"name":58},{"id":60,"name":61},{"id":163,"name":164},[202,204,206,208,210,212,214,216,218,220,222,224,226,228,230],{"id":69,"name":70,"tactic":203},{"name":72},{"id":74,"name":75,"tactic":205},{"name":72},{"id":78,"name":79,"tactic":207},{"name":72},{"id":82,"name":83,"tactic":209},{"name":72},{"id":86,"name":87,"tactic":211},{"name":89},{"id":95,"name":96,"tactic":213},{"name":98},{"id":109,"name":110,"tactic":215},{"name":103},{"id":118,"name":119,"tactic":217},{"name":116},{"id":127,"name":128,"tactic":219},{"name":125},{"id":131,"name":132,"tactic":221},{"name":125},{"id":135,"name":136,"tactic":223},{"name":125},{"id":122,"name":123,"tactic":225},{"name":125},{"id":139,"name":140,"tactic":227},{"name":125},{"id":143,"name":144,"tactic":229},{"name":125},{"id":147,"name":148,"tactic":231},{"name":125},{"id":233,"name":234,"techniques":235},"CAPEC-135","Format String Injection",[],{"id":237,"name":238,"techniques":239},"CAPEC-136","LDAP Injection",[],{"id":241,"name":242,"techniques":243},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":245,"name":246,"techniques":247},"CAPEC-153","Input Data Manipulation",[],{"id":249,"name":250,"techniques":251},"CAPEC-182","Flash Injection",[],{"id":253,"name":254,"techniques":255},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":257,"name":258,"techniques":259},"CAPEC-22","Exploiting Trust in Client",[],{"id":261,"name":262,"techniques":263},"CAPEC-23","File Content Injection",[],{"id":265,"name":266,"techniques":267},"CAPEC-230","Serialized Data with Nested Payloads",[],{"id":269,"name":270,"techniques":271},"CAPEC-231","Oversized Serialized Data Payloads",[],{"id":273,"name":274,"techniques":275},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":277,"name":278,"techniques":279},"CAPEC-250","XML Injection",[],{"id":281,"name":282,"techniques":283},"CAPEC-261","Fuzzing for garnering other adjacent 
user/sensitive data",[],{"id":285,"name":286,"techniques":287},"CAPEC-267","Leverage Alternate Encoding",[288],{"id":289,"name":290,"tactics":291,"countermeasures":294},"T1027","Obfuscated Files or Information",[292,293],{"id":57,"name":58},{"id":60,"name":61},[295,297,299,301,303,305,307,309,311,313,315,317,319,321,323],{"id":69,"name":70,"tactic":296},{"name":72},{"id":74,"name":75,"tactic":298},{"name":72},{"id":78,"name":79,"tactic":300},{"name":72},{"id":82,"name":83,"tactic":302},{"name":72},{"id":86,"name":87,"tactic":304},{"name":89},{"id":95,"name":96,"tactic":306},{"name":98},{"id":109,"name":110,"tactic":308},{"name":103},{"id":118,"name":119,"tactic":310},{"name":116},{"id":127,"name":128,"tactic":312},{"name":125},{"id":131,"name":132,"tactic":314},{"name":125},{"id":135,"name":136,"tactic":316},{"name":125},{"id":122,"name":123,"tactic":318},{"name":125},{"id":139,"name":140,"tactic":320},{"name":125},{"id":143,"name":144,"tactic":322},{"name":125},{"id":147,"name":148,"tactic":324},{"name":125},{"id":326,"name":327,"techniques":328},"CAPEC-28","Fuzzing",[],{"id":330,"name":331,"techniques":332},"CAPEC-3","Using Leading 'Ghost' Character Sequences to Bypass Input Filters",[],{"id":334,"name":335,"techniques":336},"CAPEC-31","Accessing/Intercepting/Modifying HTTP Cookies",[337],{"id":338,"name":339,"tactics":340,"countermeasures":344},"T1539","Steal Web Session Cookie",[341],{"id":342,"name":343},"TA0031","Credential Access",[345,349,353,357,361,365,369,373,377],{"id":346,"name":347,"tactic":348},"D3-CCSA","Credential Compromise Scope Analysis",{"name":72},{"id":350,"name":351,"tactic":352},"D3-CR","Credential Revocation",{"name":89},{"id":354,"name":355,"tactic":356},"D3-ANCI","Authentication Cache Invalidation",{"name":89},{"id":358,"name":359,"tactic":360},"D3-DUC","Decoy User Credential",{"name":98},{"id":362,"name":363,"tactic":364},"D3-CH","Credential Hardening",{"name":103},{"id":366,"name":367,"tactic":368},"D3-MFA","Multi-factor 
Authentication",{"name":103},{"id":370,"name":371,"tactic":372},"D3-CRO","Credential Rotation",{"name":103},{"id":374,"name":375,"tactic":376},"D3-RIC","Reissue Credential",{"name":116},{"id":378,"name":379,"tactic":380},"D3-CTS","Credential Transmission Scoping",{"name":125},{"id":382,"name":383,"techniques":384},"CAPEC-42","MIME Conversion",[],{"id":386,"name":387,"techniques":388},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":390,"name":391,"techniques":392},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":394,"name":395,"techniques":396},"CAPEC-46","Overflow Variables and Tags",[],{"id":398,"name":399,"techniques":400},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":402,"name":403,"techniques":404},"CAPEC-473","Signature Spoof",[405,442],{"id":406,"name":407,"tactics":408,"countermeasures":411},"T1036.001","Invalid Code Signature",[409,410],{"id":57,"name":58},{"id":60,"name":61},[412,414,416,418,420,422,424,426,428,430,432,434,436,438,440],{"id":69,"name":70,"tactic":413},{"name":72},{"id":74,"name":75,"tactic":415},{"name":72},{"id":78,"name":79,"tactic":417},{"name":72},{"id":82,"name":83,"tactic":419},{"name":72},{"id":86,"name":87,"tactic":421},{"name":89},{"id":95,"name":96,"tactic":423},{"name":98},{"id":109,"name":110,"tactic":425},{"name":103},{"id":118,"name":119,"tactic":427},{"name":116},{"id":127,"name":128,"tactic":429},{"name":125},{"id":131,"name":132,"tactic":431},{"name":125},{"id":135,"name":136,"tactic":433},{"name":125},{"id":122,"name":123,"tactic":435},{"name":125},{"id":139,"name":140,"tactic":437},{"name":125},{"id":143,"name":144,"tactic":439},{"name":125},{"id":147,"name":148,"tactic":441},{"name":125},{"id":443,"name":444,"tactics":445,"countermeasures":450},"T1553.002","Code Signing",[446,447],{"id":57,"name":58},{"id":448,"name":449},"TA0112","Defense Impairment",[],{"id":452,"name":453,"techniques":454},"CAPEC-52","Embedding NULL 
Bytes",[],{"id":456,"name":457,"techniques":458},"CAPEC-53","Postfix, Null Terminate, and Backslash",[],{"id":460,"name":461,"techniques":462},"CAPEC-588","DOM-Based XSS",[],{"id":464,"name":465,"techniques":466},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":468,"name":469,"techniques":470},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":472,"name":473,"techniques":474},"CAPEC-664","Server Side Request Forgery",[],{"id":476,"name":477,"techniques":478},"CAPEC-67","String Format Overflow in syslog()",[],{"id":480,"name":481,"techniques":482},"CAPEC-7","Blind SQL Injection",[],{"id":484,"name":485,"techniques":486},"CAPEC-71","Using Unicode Encoding to Bypass Validation Logic",[],{"id":488,"name":489,"techniques":490},"CAPEC-72","URL Encoding",[],{"id":492,"name":493,"techniques":494},"CAPEC-73","User-Controlled Filename",[],{"id":496,"name":497,"techniques":498},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":500,"name":501,"techniques":502},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"id":504,"name":505,"techniques":506},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":508,"name":509,"techniques":510},"CAPEC-80","Using UTF-8 Encoding to Bypass Validation Logic",[],{"id":512,"name":513,"techniques":514},"CAPEC-81","Web Server Logs Tampering",[],{"id":516,"name":517,"techniques":518},"CAPEC-83","XPath Injection",[],{"id":520,"name":521,"techniques":522},"CAPEC-85","AJAX Footprinting",[],{"id":524,"name":525,"techniques":526},"CAPEC-88","OS Command Injection",[],{"id":528,"name":529,"techniques":530},"CAPEC-9","Buffer Overflow in Local Command-Line 
Utilities",[],[],[533],"GHSA-9ggm-7897-x4mg",[],[536,538,540,542,544,546],{"_key":537},"RHSA-2011:1780",{"_key":539},"RHSA-2012:0074",{"_key":541},"RHSA-2012:0076",{"_key":543},"RHSA-2012:0680",{"_key":545},"RHSA-2012:0682",{"_key":547},"DSA-2401-1",[],[],"2011-07-14T23:00:00.000Z","2024-08-06T23:00:34.252Z","Modified",{"cisa_kev":554,"cisa_ransomware":554,"cisa_vendor":9,"epss_severity":555,"epss_score":556,"severity":557,"severity_score":558,"severity_version":559,"severity_source":560,"severity_vector":561,"severity_status":552},false,"low",0.0013,"medium",4.4,"v2.0","nvd","AV:L/AC:M/Au:N/C:P/I:P/A:P",[563,570,579,585,591,596,601,605,610,614,618,622,626,630,634,638,642,646,650,654,660,664,669,674,678,682,686,690,695,699,703,708,713,717,721,725,730,734,738,742,746,750,754,758,762,766,770,774,778,782,786,790,794,798,802,806,810],{"url":564,"sources":565,"tags":567},"http://secunia.com/advisories/45232",[566,560],"cve.org",[568,569],"Third Party Advisory","X Refsource SECUNIA",{"url":571,"sources":572,"tags":574},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514",[566,560,573],"osv_maven",[575,576,577,578],"VDB Entry","Signature","X Refsource OVAL","WEB",{"url":580,"sources":581,"tags":582},"http://svn.apache.org/viewvc?view=revision&revision=1145383",[566,560,573],[583,584,578],"X Refsource CONFIRM","Patch",{"url":586,"sources":587,"tags":588},"http://www.mandriva.com/security/advisories?name=MDVSA-2011:156",[566,560,573],[589,590,578],"Vendor Advisory","X Refsource MANDRIVA",{"url":592,"sources":593,"tags":594},"http://www.debian.org/security/2012/dsa-2401",[566,560,573],[589,595,578],"X Refsource DEBIAN",{"url":597,"sources":598,"tags":599},"http://rhn.redhat.com/errata/RHSA-2012-0325.html",[566,560],[589,600],"X Refsource 
REDHAT",{"url":602,"sources":603,"tags":604},"http://secunia.com/advisories/48308",[566,560],[568,569],{"url":606,"sources":607,"tags":608},"http://marc.info/?l=bugtraq&m=136485229118404&w=2",[566,560,573],[589,609,578],"X Refsource HP",{"url":611,"sources":612,"tags":613},"http://rhn.redhat.com/errata/RHSA-2012-0078.html",[566,560],[589,600],{"url":615,"sources":616,"tags":617},"http://rhn.redhat.com/errata/RHSA-2012-0075.html",[566,560],[589,600],{"url":619,"sources":620,"tags":621},"http://rhn.redhat.com/errata/RHSA-2012-0074.html",[566,560],[589,600],{"url":623,"sources":624,"tags":625},"http://tomcat.apache.org/security-7.html",[566,560,573],[583,578],{"url":627,"sources":628,"tags":629},"http://marc.info/?l=bugtraq&m=133469267822771&w=2",[566,560,573],[589,609,578],{"url":631,"sources":632,"tags":633},"http://svn.apache.org/viewvc?view=revision&revision=1146005",[566,560,573],[583,584,578],{"url":635,"sources":636,"tags":637},"http://svn.apache.org/viewvc?view=revision&revision=1145571",[566,560,573],[583,584,578],{"url":639,"sources":640,"tags":641},"http://marc.info/?l=bugtraq&m=132215163318824&w=2",[566,560,573],[589,609,578],{"url":643,"sources":644,"tags":645},"http://tomcat.apache.org/security-6.html",[566,560,573],[583,578],{"url":647,"sources":648,"tags":649},"http://secunia.com/advisories/57126",[566,560],[568,569],{"url":651,"sources":652,"tags":653},"https://bugzilla.redhat.com/show_bug.cgi?id=720948",[566,560,573],[583,584,578],{"url":655,"sources":656,"tags":657},"http://www.securityfocus.com/archive/1/518889/100/0/threaded",[566,560],[658,659],"Mailing List","X Refsource BUGTRAQ",{"url":661,"sources":662,"tags":663},"http://tomcat.apache.org/security-5.html",[566,560,573],[583,578],{"url":665,"sources":666,"tags":667},"http://osvdb.org/73797",[566,560],[575,668],"X Refsource OSVDB",{"url":670,"sources":671,"tags":672},"https://exchange.xforce.ibmcloud.com/vulnerabilities/68541",[566,560,573],[575,673,578],"X Refsource 
XF",{"url":675,"sources":676,"tags":677},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573",[566,560,573],[575,576,577,578],{"url":679,"sources":680,"tags":681},"http://svn.apache.org/viewvc?view=revision&revision=1145694",[566,560,573],[583,584,578],{"url":683,"sources":684,"tags":685},"http://osvdb.org/73798",[566,560],[575,668],{"url":687,"sources":688,"tags":689},"http://rhn.redhat.com/errata/RHSA-2012-0076.html",[566,560],[589,600],{"url":691,"sources":692,"tags":693},"http://www.securitytracker.com/id?1025788",[566,560],[575,694],"X Refsource SECTRACK",{"url":696,"sources":697,"tags":698},"http://marc.info/?l=bugtraq&m=139344343412337&w=2",[566,560,573],[589,609,578],{"url":700,"sources":701,"tags":702},"http://rhn.redhat.com/errata/RHSA-2012-0077.html",[566,560],[589,600],{"url":704,"sources":705,"tags":706},"http://www.securityfocus.com/bid/48667",[566,560],[575,707],"X Refsource BID",{"url":709,"sources":710,"tags":711},"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",[566,560],[658,712],"X Refsource 
MLIST",{"url":714,"sources":715,"tags":716},"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",[566,560],[658,712],{"url":718,"sources":719,"tags":720},"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",[566,560],[658,712],{"url":722,"sources":723,"tags":724},"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",[566,560],[658,712],{"url":726,"sources":727,"tags":728},"https://nvd.nist.gov/vuln/detail/CVE-2011-2526",[573],[729],"Advisory",{"url":731,"sources":732,"tags":733},"https://github.com/apache/tomcat/commit/1d372c881eafd9ffe729996f8560fd5fe50cd39d",[573],[578],{"url":735,"sources":736,"tags":737},"https://github.com/apache/tomcat/commit/2e69497fa7b1444632c6dadb64a4a82e18478ee6",[573],[578],{"url":739,"sources":740,"tags":741},"https://github.com/apache/tomcat/commit/48dded4ab1209a030770ab67a789d3b2528b6329",[573],[578],{"url":743,"sources":744,"tags":745},"https://github.com/apache/tomcat/commit/ff8789737a0a64c12d68929497f16d8021052048",[573],[578],{"url":747,"sources":748,"tags":749},"https://github.com/apache/tomcat55/commit/e67f6882118f2a8285e4e8acd050dad64a3ef3e4",[573],[578],{"url":751,"sources":752,"tags":753},"https://web.archive.org/web/20161107143207/http://www.securitytracker.com/id?1025788",[573],[578],{"url":755,"sources":756,"tags":757},"https://web.archive.org/web/20160101195415/http://rhn.redhat.com/errata/RHSA-2012-0325.html",[573],[578],{"url":759,"sources":760,"tags":761},"https://web.archive.org/web/20160101172638/http://rhn.redhat.com/errata/RHSA-2012-0077.html",[573],[578],{"url":763,"sources":764,"tags":765},"https://web.archive.org/web/20160101172212/http://rhn.redhat.com/errata/RHSA-2012-0078.html",[573],[578],{"url":767,"sources":768,"tags":769},"https://web.archive.org/web/20151017023138/http://secunia.com/adviso
ries/57126",[573],[578],{"url":771,"sources":772,"tags":773},"https://web.archive.org/web/20140802025928/http://secunia.com/advisories/48308",[573],[578],{"url":775,"sources":776,"tags":777},"https://web.archive.org/web/20121025191346/http://secunia.com/advisories/45232",[573],[578],{"url":779,"sources":780,"tags":781},"https://web.archive.org/web/20111110135231/http://www.securityfocus.com/archive/1/518889/100/0/threaded",[573],[578],{"url":783,"sources":784,"tags":785},"https://web.archive.org/web/20110717104325/http://www.securityfocus.com/bid/48667",[573],[578],{"url":787,"sources":788,"tags":789},"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E",[573],[578],{"url":791,"sources":792,"tags":793},"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E",[573],[578],{"url":795,"sources":796,"tags":797},"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E",[573],[578],{"url":799,"sources":800,"tags":801},"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E",[573],[578],{"url":803,"sources":804,"tags":805},"https://access.redhat.com/errata/RHSA-2012:0076",[573],[578],{"url":807,"sources":808,"tags":809},"https://access.redhat.com/errata/RHSA-2012:0075",[573],[578],{"url":811,"sources":812,"tags":813},"https://access.redhat.com/errata/RHSA-2012:0074",[573],[578],[],{"date":816,"score":556,"percentile":817},"2026-06-04",0.31954,[819,822,825,828,831,834,837,840,843,846,849,852,855,858,861,864,867,870,873,875,878,881,884,887,890,893,896,899,902,904,907,910,913,916,919,922,925,928,931,934,937,940,943,945,948,951,954,957,960,963,965,967,970,973,976,979,982,985,987,990,992,995,998,1001,1004,1006,1009,1012,1014,1017,1019,1022,1025,1027,1030,1033,1036,1039,1042,1045,1048,1051,1054,1056,1059,1062,106
5,1068,1071,1074],{"date":820,"score":556,"percentile":821},"2025-11-04",0.3322,{"date":823,"score":556,"percentile":824},"2025-11-05",0.33205,{"date":826,"score":556,"percentile":827},"2025-11-06",0.33204,{"date":829,"score":556,"percentile":830},"2025-11-07",0.33221,{"date":832,"score":556,"percentile":833},"2025-11-08",0.33222,{"date":835,"score":556,"percentile":836},"2025-11-09",0.33199,{"date":838,"score":556,"percentile":839},"2025-11-10",0.33146,{"date":841,"score":556,"percentile":842},"2025-11-11",0.33171,{"date":844,"score":556,"percentile":845},"2025-11-12",0.33218,{"date":847,"score":556,"percentile":848},"2025-11-13",0.33232,{"date":850,"score":556,"percentile":851},"2025-11-14",0.33237,{"date":853,"score":556,"percentile":854},"2025-11-15",0.33236,{"date":856,"score":556,"percentile":857},"2025-11-16",0.33206,{"date":859,"score":556,"percentile":860},"2025-11-17",0.33178,{"date":862,"score":556,"percentile":863},"2025-11-18",0.27336,{"date":865,"score":556,"percentile":866},"2025-11-19",0.27359,{"date":868,"score":556,"percentile":869},"2025-11-20",0.27366,{"date":871,"score":556,"percentile":872},"2025-11-21",0.33217,{"date":874,"score":556,"percentile":833},"2025-11-22",{"date":876,"score":556,"percentile":877},"2025-11-23",0.33189,{"date":879,"score":556,"percentile":880},"2025-11-24",0.33163,{"date":882,"score":556,"percentile":883},"2025-11-25",0.3316,{"date":885,"score":556,"percentile":886},"2025-11-26",0.33159,{"date":888,"score":556,"percentile":889},"2025-11-27",0.33166,{"date":891,"score":556,"percentile":892},"2025-11-28",0.33147,{"date":894,"score":556,"percentile":895},"2025-11-29",0.33129,{"date":897,"score":556,"percentile":898},"2025-11-30",0.33105,{"date":900,"score":556,"percentile":901},"2025-12-01",0.33197,{"date":903,"score":556,"percentile":857},"2025-12-02",{"date":905,"score":556,"percentile":906},"2025-12-03",0.33202,{"date":908,"score":556,"percentile":909},"2025-12-04",0.33104,{"date":911,"score":556,"percentile":912},"2025
-12-05",0.33135,{"date":914,"score":556,"percentile":915},"2025-12-06",0.3314,{"date":917,"score":556,"percentile":918},"2025-12-07",0.33119,{"date":920,"score":556,"percentile":921},"2025-12-08",0.33131,{"date":923,"score":556,"percentile":924},"2025-12-09",0.3318,{"date":926,"score":556,"percentile":927},"2025-12-10",0.33238,{"date":929,"score":556,"percentile":930},"2025-12-11",0.33259,{"date":932,"score":556,"percentile":933},"2025-12-12",0.33289,{"date":935,"score":556,"percentile":936},"2025-12-13",0.33273,{"date":938,"score":556,"percentile":939},"2025-12-14",0.33246,{"date":941,"score":556,"percentile":942},"2025-12-15",0.33196,{"date":944,"score":556,"percentile":833},"2025-12-16",{"date":946,"score":556,"percentile":947},"2025-12-17",0.3328,{"date":949,"score":556,"percentile":950},"2025-12-18",0.3333,{"date":952,"score":556,"percentile":953},"2025-12-19",0.33352,{"date":955,"score":556,"percentile":956},"2025-12-20",0.33337,{"date":958,"score":556,"percentile":959},"2025-12-21",0.33279,{"date":961,"score":556,"percentile":962},"2025-12-22",0.33249,{"date":964,"score":556,"percentile":939},"2025-12-23",{"date":966,"score":556,"percentile":927},"2025-12-24",{"date":968,"score":556,"percentile":969},"2025-12-25",0.33305,{"date":971,"score":556,"percentile":972},"2025-12-26",0.33287,{"date":974,"score":556,"percentile":975},"2025-12-27",0.33295,{"date":977,"score":556,"percentile":978},"2025-12-28",0.33198,{"date":980,"score":556,"percentile":981},"2025-12-29",0.33164,{"date":983,"score":556,"percentile":984},"2025-12-30",0.33156,{"date":986,"score":556,"percentile":824},"2025-12-31",{"date":988,"score":556,"percentile":989},"2026-01-01",0.33351,{"date":991,"score":556,"percentile":956},"2026-01-02",{"date":993,"score":556,"percentile":994},"2026-01-03",0.33323,{"date":996,"score":556,"percentile":997},"2026-01-04",0.33182,{"date":999,"score":556,"percentile":1000},"2026-01-05",0.33167,{"date":1002,"score":556,"percentile":1003},"2026-01-06",0.33179,{"date":1
005,"score":556,"percentile":836},"2026-01-07",{"date":1007,"score":556,"percentile":1008},"2026-01-08",0.33229,{"date":1010,"score":556,"percentile":1011},"2026-01-09",0.33231,{"date":1013,"score":556,"percentile":1011},"2026-01-10",{"date":1015,"score":556,"percentile":1016},"2026-01-11",0.33209,{"date":1018,"score":556,"percentile":915},"2026-01-12",{"date":1020,"score":556,"percentile":1021},"2026-01-13",0.33126,{"date":1023,"score":556,"percentile":1024},"2026-01-14",0.33168,{"date":1026,"score":556,"percentile":981},"2026-01-15",{"date":1028,"score":556,"percentile":1029},"2026-01-16",0.33184,{"date":1031,"score":556,"percentile":1032},"2026-01-17",0.33169,{"date":1034,"score":556,"percentile":1035},"2026-01-18",0.33106,{"date":1037,"score":556,"percentile":1038},"2026-01-19",0.33073,{"date":1040,"score":556,"percentile":1041},"2026-01-20",0.33058,{"date":1043,"score":556,"percentile":1044},"2026-01-21",0.33015,{"date":1046,"score":556,"percentile":1047},"2026-01-22",0.32989,{"date":1049,"score":556,"percentile":1050},"2026-01-23",0.33054,{"date":1052,"score":556,"percentile":1053},"2026-01-24",0.33062,{"date":1055,"score":556,"percentile":1047},"2026-01-25",{"date":1057,"score":556,"percentile":1058},"2026-01-26",0.32907,{"date":1060,"score":556,"percentile":1061},"2026-01-27",0.32896,{"date":1063,"score":556,"percentile":1064},"2026-01-28",0.32869,{"date":1066,"score":556,"percentile":1067},"2026-01-29",0.3283,{"date":1069,"score":556,"percentile":1070},"2026-01-30",0.32816,{"date":1072,"score":556,"percentile":1073},"2026-01-31",0.32827,{"date":1075,"score":556,"percentile":1076},"2026-02-01",0.32919,[1078],{"source":560,"cvss_v2_0":1079,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":558,"baseSeverity":9,"vectorString":561,"impactScore":1080,"exploitabilityScore":1081},6.4,3.4,[1083,1247],{"ecosystem":9,"name":1084,"vendor":9,"product":1084,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1085},"Tomcat",[1086,1089,1
091,1093,1095,1097,1099,1101,1103,1105,1107,1109,1111,1113,1115,1117,1119,1121,1123,1125,1127,1129,1131,1133,1135,1137,1139,1141,1143,1145,1147,1149,1151,1153,1155,1157,1159,1161,1163,1165,1167,1169,1171,1173,1175,1177,1179,1181,1183,1185,1187,1189,1191,1193,1195,1197,1199,1201,1203,1205,1207,1209,1211,1213,1215,1217,1219,1221,1223,1225,1227,1229,1231,1233,1235,1237,1239,1241,1243,1245],{"version":1087,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.0","cpe",{"version":1090,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.1",{"version":1092,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.2",{"version":1094,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.3",{"version":1096,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.4",{"version":1098,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.5",{"version":1100,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.6",{"version":1102,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.7",{"version":1104,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.8",{"version":1106,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.9",{"version":1108,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version
_end_type":9,"fixed_in":9},"5.5.10",{"version":1110,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.11",{"version":1112,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.12",{"version":1114,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.13",{"version":1116,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.14",{"version":1118,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.15",{"version":1120,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.16",{"version":1122,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.17",{"version":1124,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.18",{"version":1126,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.19",{"version":1128,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.20",{"version":1130,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.21",{"version":1132,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.22",{"version":1134,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.23",{"version":113
6,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.24",{"version":1138,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.25",{"version":1140,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.26",{"version":1142,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.27",{"version":1144,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.28",{"version":1146,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.29",{"version":1148,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.30",{"version":1150,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.31",{"version":1152,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.32",{"version":1154,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.33",{"version":1156,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0",{"version":1158,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.0",{"version":1160,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.1",{"version":1162,"is_range":554,"range_type":1088,"version_start":9,"v
ersion_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.2",{"version":1164,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.3",{"version":1166,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.4",{"version":1168,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.5",{"version":1170,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.6",{"version":1172,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.7",{"version":1174,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.8",{"version":1176,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.9",{"version":1178,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.10",{"version":1180,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.11",{"version":1182,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.12",{"version":1184,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.13",{"version":1186,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.14",{"version":1188,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,
"fixed_in":9},"6.0.15",{"version":1190,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.16",{"version":1192,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.17",{"version":1194,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.18",{"version":1196,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.19",{"version":1198,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.20",{"version":1200,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.24",{"version":1202,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.26",{"version":1204,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.27",{"version":1206,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.28",{"version":1208,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.29",{"version":1210,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.30",{"version":1212,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.31",{"version":1214,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.32",{"version":1216,"is_range":
554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.0",{"version":1218,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.0:beta",{"version":1220,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.1",{"version":1222,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.2",{"version":1224,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.3",{"version":1226,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.4",{"version":1228,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.5",{"version":1230,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.6",{"version":1232,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.7",{"version":1234,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.8",{"version":1236,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.9",{"version":1238,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.10",{"version":1240,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.11",{"version":1242,"is_range":554,"range_type":1088,"version_start":9,"version_start_t
ype":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.12",{"version":1244,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.14",{"version":1246,"is_range":554,"range_type":1088,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.17",{"ecosystem":1248,"name":1249,"vendor":1250,"product":1251,"cpe_part":9,"purl_type":1252,"purl_namespace":1250,"purl_name":1251,"source":9,"versions":1253},"Maven","org.apache.tomcat:tomcat","org.apache.tomcat","tomcat","maven",[1254,1260,1264],{"version":1255,"is_range":1256,"range_type":1257,"version_start":9,"version_start_type":9,"version_end":1258,"version_end_type":1259,"fixed_in":9},"lt5_5_34",true,"ecosystem","5.5.34","excluding",{"version":1261,"is_range":1256,"range_type":1257,"version_start":1158,"version_start_type":1262,"version_end":1263,"version_end_type":1259,"fixed_in":9},"gte6_0_0_lt6_0_33","including","6.0.33",{"version":1265,"is_range":1256,"range_type":1257,"version_start":1216,"version_start_type":1262,"version_end":1266,"version_end_type":1259,"fixed_in":9},"gte7_0_0_lt7_0_19","7.0.19"]