[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2013-2067":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":660,"aliases":661,"duplicate_of":9,"upstream":663,"downstream":664,"duplicates":683,"related":684,"reserved_at":9,"published_at":686,"modified_at":687,"state":688,"summary":689,"references_raw":697,"kevs":832,"epss":833,"epss_history":836,"metrics":1096,"affected":1101},"CVE-2013-2067","java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-287","Improper Authentication","When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.","weakness","Draft","Class","High",[20,182,261,265,269,273,292,481,543,627],{"id":21,"name":22,"techniques":23},"CAPEC-114","Authentication Abuse",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1548","Abuse Elevation Control Mechanism",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,61,65,69,73,77,81,85,89,94,98,103,108,112,116,120,125,129,133,137,141,146,150,154,158,162,166,170,174,178],{"id":36,"name":37,"tactic":38},"D3-CI","Configuration Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-AM","Access Modeling",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DI","Data Inventory",{"name":39},{"id":49,"name":50,"tactic":51},"D3-NTPM","Network Traffic Policy Mapping",{"name":39},{"id":53,"name":54,"tactic":55},"D3-AEM","Application Exception Monitoring",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SCA","System Call Analysis",{"name":56},{"id":62,"name":63,"tactic":64},"D3-SFA","System File Analysis",{"name":56},{"id":66,"name":67,"tactic":68},"D3-FA","File Analysis",{"name":56},{"id":70,"name":71,"tactic":72},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":74,"name":75,"tactic":76},"D3-OPM","Operational Process Monitoring",{"name":56},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":56},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":56},{"id":86,"name":87,"tactic":88},"D3-PSA","Process Spawn Analysis",{"name":56},{"id":90,"name":91,"tactic":92},"D3-FEV","File Eviction",{"name":93},"Evict",{"id":95,"name":96,"tactic":97},"D3-AL","Account Locking",{"name":93},{"id":99,"name":100,"tactic":101},"D3-DF","Decoy File",{"name":102},"Deceive",{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":107},"Harden",{"id":109,"name":110,"tactic":111},"D3-AA","Agent Authentication",{"name":107},{"id":113,"name":114,"tactic":115},"D3-CDP","Change Default Password",{"name":107},{"id":117,"name":118,"tactic":119},"D3-SCP","System Configuration Permissions",{"name":107},{"id":121,"name":122,"tactic":123},"D3-RC","Restore Configuration",{"name":124},"Restore",{"id":126,"name":127,"tactic":128},"D3-RF","Restore File",{"name":124},{"id":130,"name":131,"tactic":132},"D3-ULA","Unlock Account",{"name":124},{"id":134,"name":135,"tactic":136},"D3-RUAA","Restore User Account Access",{"name":124},{"id":138,"name":139,"tactic":140},"D3-RD","Restore Database",{"name":124},{"id":142,"name":143,"tactic":144},"D3-SCF","System Call Filtering",{"name":145},"Isolate",{"id":147,"name":148,"tactic":149},"D3-CF","Content Filtering",{"name":145},{"id":151,"name":152,"tactic":153},"D3-LFP","Local File Permissions",{"name":145},{"id":155,"name":156,"tactic":157},"D3-RFAM","Remote File Access Mediation",{"name":145},{"id":159,"name":160,"tactic":161},"D3-CQ","Content Quarantine",{"name":145},{"id":163,"name":164,"tactic":165},"D3-CM","Content Modification",{"name":145},{"id":167,"name":168,"tactic":169},"D3-UAP","User Account Permissions",{"name":145},{"id":171,"name":172,"tactic":173},"D3-EAL","Executable Allowlisting",{"name":145},{"id":175,"name":176,"tactic":177},"D3-EDL","Executable Denylisting",{"name":145},{"id":179,"name":180,"tactic":181},"D3-HBPI","Hardware-based Process Isolation",{"name":145},{"id":183,"name":184,"techniques":185},"CAPEC-115","Authentication Bypass",[186],{"id":25,"name":26,"tactics":187,"countermeasures":190},[188,189],{"id":29,"name":30},{"id":32,"name":33},[191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259],{"id":36,"name":37,"tactic":192},{"name":39},{"id":41,"name":42,"tactic":194},{"name":39},{"id":45,"name":46,"tactic":196},{"name":39},{"id":49,"name":50,"tactic":198},{"name":39},{"id":53,"name":54,"tactic":200},{"name":56},{"id":58,"name":59,"tactic":202},{"name":56},{"id":62,"name":63,"tactic":204},{"name":56},{"id":66,"name":67,"tactic":206},{"name":56},{"id":70,"name":71,"tactic":208},{"name":56},{"id":74,"name":75,"tactic":210},{"name":56},{"id":78,"name":79,"tactic":212},{"name":56},{"id":82,"name":83,"tactic":214},{"name":56},{"id":86,"name":87,"tactic":216},{"name":56},{"id":90,"name":91,"tactic":218},{"name":93},{"id":95,"name":96,"tactic":220},{"name":93},{"id":99,"name":100,"tactic":222},{"name":102},{"id":104,"name":105,"tactic":224},{"name":107},{"id":109,"name":110,"tactic":226},{"name":107},{"id":113,"name":114,"tactic":228},{"name":107},{"id":117,"name":118,"tactic":230},{"name":107},{"id":121,"name":122,"tactic":232},{"name":124},{"id":126,"name":127,"tactic":234},{"name":124},{"id":130,"name":131,"tactic":236},{"name":124},{"id":134,"name":135,"tactic":238},{"name":124},{"id":138,"name":139,"tactic":240},{"name":124},{"id":142,"name":143,"tactic":242},{"name":145},{"id":147,"name":148,"tactic":244},{"name":145},{"id":151,"name":152,"tactic":246},{"name":145},{"id":155,"name":156,"tactic":248},{"name":145},{"id":159,"name":160,"tactic":250},{"name":145},{"id":163,"name":164,"tactic":252},{"name":145},{"id":167,"name":168,"tactic":254},{"name":145},{"id":171,"name":172,"tactic":256},{"name":145},{"id":175,"name":176,"tactic":258},{"name":145},{"id":179,"name":180,"tactic":260},{"name":145},{"id":262,"name":263,"techniques":264},"CAPEC-151","Identity Spoofing",[],{"id":266,"name":267,"techniques":268},"CAPEC-194","Fake the Source of Data",[],{"id":270,"name":271,"techniques":272},"CAPEC-22","Exploiting Trust in Client",[],{"id":274,"name":275,"techniques":276},"CAPEC-57","Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",[277],{"id":278,"name":279,"tactics":280,"countermeasures":287},"T1040","Network Sniffing",[281,284],{"id":282,"name":283},"TA0031","Credential Access",{"id":285,"name":286},"TA0102","Discovery",[288],{"id":289,"name":290,"tactic":291},"D3-DNSTA","DNS Traffic Analysis",{"name":56},{"id":293,"name":294,"techniques":295},"CAPEC-593","Session Hijacking",[296,340,453],{"id":297,"name":298,"tactics":299,"countermeasures":303},"T1185","Browser Session Hijacking",[300],{"id":301,"name":302},"TA0100","Collection",[304,308,312,316,320,324,328,332,336],{"id":305,"name":306,"tactic":307},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":56},{"id":309,"name":310,"tactic":311},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":56},{"id":313,"name":314,"tactic":315},"D3-CSPP","Client-server Payload Profiling",{"name":56},{"id":317,"name":318,"tactic":319},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":56},{"id":321,"name":322,"tactic":323},"D3-NTSA","Network Traffic Signature Analysis",{"name":56},{"id":325,"name":326,"tactic":327},"D3-APCA","Application Protocol Command Analysis",{"name":56},{"id":329,"name":330,"tactic":331},"D3-NTCD","Network Traffic Community Deviation",{"name":56},{"id":333,"name":334,"tactic":335},"D3-RTSD","Remote Terminal Session Detection",{"name":56},{"id":337,"name":338,"tactic":339},"D3-NTF","Network Traffic Filtering",{"name":145},{"id":341,"name":342,"tactics":343,"countermeasures":348},"T1550.001","Application Access Token",[344,345],{"id":29,"name":30},{"id":346,"name":347},"TA0109","Lateral Movement",[349,353,357,359,363,365,367,369,371,373,375,377,379,383,387,391,395,399,403,407,411,415,419,423,427,431,435,437,439,443,447,451],{"id":350,"name":351,"tactic":352},"D3-PLA","Process Lineage Analysis",{"name":56},{"id":354,"name":355,"tactic":356},"D3-PSMD","Process Self-Modification Detection",{"name":56},{"id":86,"name":87,"tactic":358},{"name":56},{"id":360,"name":361,"tactic":362},"D3-CCSA","Credential Compromise Scope Analysis",{"name":56},{"id":305,"name":306,"tactic":364},{"name":56},{"id":309,"name":310,"tactic":366},{"name":56},{"id":313,"name":314,"tactic":368},{"name":56},{"id":317,"name":318,"tactic":370},{"name":56},{"id":321,"name":322,"tactic":372},{"name":56},{"id":325,"name":326,"tactic":374},{"name":56},{"id":329,"name":330,"tactic":376},{"name":56},{"id":333,"name":334,"tactic":378},{"name":56},{"id":380,"name":381,"tactic":382},"D3-PT","Process Termination",{"name":93},{"id":384,"name":385,"tactic":386},"D3-PS","Process Suspension",{"name":93},{"id":388,"name":389,"tactic":390},"D3-HR","Host Reboot",{"name":93},{"id":392,"name":393,"tactic":394},"D3-HS","Host Shutdown",{"name":93},{"id":396,"name":397,"tactic":398},"D3-CR","Credential Revocation",{"name":93},{"id":400,"name":401,"tactic":402},"D3-ANCI","Authentication Cache Invalidation",{"name":93},{"id":404,"name":405,"tactic":406},"D3-DUC","Decoy User Credential",{"name":102},{"id":408,"name":409,"tactic":410},"D3-CH","Credential Hardening",{"name":107},{"id":412,"name":413,"tactic":414},"D3-MFA","Multi-factor Authentication",{"name":107},{"id":416,"name":417,"tactic":418},"D3-CRO","Credential Rotation",{"name":107},{"id":420,"name":421,"tactic":422},"D3-TB","Token Binding",{"name":107},{"id":424,"name":425,"tactic":426},"D3-TBA","Token-based Authentication",{"name":107},{"id":428,"name":429,"tactic":430},"D3-RIC","Reissue Credential",{"name":124},{"id":432,"name":433,"tactic":434},"D3-KBPI","Kernel-based Process Isolation",{"name":145},{"id":142,"name":143,"tactic":436},{"name":145},{"id":179,"name":180,"tactic":438},{"name":145},{"id":440,"name":441,"tactic":442},"D3-ABPI","Application-based Process Isolation",{"name":145},{"id":444,"name":445,"tactic":446},"D3-WSAM","Web Session Access Mediation",{"name":145},{"id":448,"name":449,"tactic":450},"D3-CTS","Credential Transmission Scoping",{"name":145},{"id":337,"name":338,"tactic":452},{"name":145},{"id":454,"name":455,"tactics":456,"countermeasures":458},"T1563","Remote Service Session Hijacking",[457],{"id":346,"name":347},[459,461,463,465,467,469,471,473,475,479],{"id":305,"name":306,"tactic":460},{"name":56},{"id":309,"name":310,"tactic":462},{"name":56},{"id":313,"name":314,"tactic":464},{"name":56},{"id":317,"name":318,"tactic":466},{"name":56},{"id":321,"name":322,"tactic":468},{"name":56},{"id":325,"name":326,"tactic":470},{"name":56},{"id":329,"name":330,"tactic":472},{"name":56},{"id":333,"name":334,"tactic":474},{"name":56},{"id":476,"name":477,"tactic":478},"D3-ST","Session Termination",{"name":93},{"id":337,"name":338,"tactic":480},{"name":145},{"id":482,"name":483,"techniques":484},"CAPEC-633","Token Impersonation",[485],{"id":486,"name":487,"tactics":488,"countermeasures":494},"T1134","Access Token Manipulation",[489,490,493],{"id":29,"name":30},{"id":491,"name":492},"TA0005","Stealth",{"id":32,"name":33},[495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541],{"id":36,"name":37,"tactic":496},{"name":39},{"id":49,"name":50,"tactic":498},{"name":39},{"id":41,"name":42,"tactic":500},{"name":39},{"id":53,"name":54,"tactic":502},{"name":56},{"id":58,"name":59,"tactic":504},{"name":56},{"id":360,"name":361,"tactic":506},{"name":56},{"id":74,"name":75,"tactic":508},{"name":56},{"id":86,"name":87,"tactic":510},{"name":56},{"id":476,"name":477,"tactic":512},{"name":93},{"id":396,"name":397,"tactic":514},{"name":93},{"id":400,"name":401,"tactic":516},{"name":93},{"id":404,"name":405,"tactic":518},{"name":102},{"id":408,"name":409,"tactic":520},{"name":107},{"id":412,"name":413,"tactic":522},{"name":107},{"id":416,"name":417,"tactic":524},{"name":107},{"id":420,"name":421,"tactic":526},{"name":107},{"id":424,"name":425,"tactic":528},{"name":107},{"id":121,"name":122,"tactic":530},{"name":124},{"id":428,"name":429,"tactic":532},{"name":124},{"id":142,"name":143,"tactic":534},{"name":145},{"id":448,"name":449,"tactic":536},{"name":145},{"id":171,"name":172,"tactic":538},{"name":145},{"id":175,"name":176,"tactic":540},{"name":145},{"id":179,"name":180,"tactic":542},{"name":145},{"id":544,"name":545,"techniques":546},"CAPEC-650","Upload a Web Shell to a Web Server",[547],{"id":548,"name":549,"tactics":550,"countermeasures":554},"T1505.003","Web Shell",[551],{"id":552,"name":553},"TA0110","Persistence",[555,559,563,567,571,573,575,577,579,581,583,585,587,589,591,593,595,597,599,603,605,607,609,611,613,615,617,619,621,623,625],{"id":556,"name":557,"tactic":558},"D3-NNI","Network Node Inventory",{"name":39},{"id":560,"name":561,"tactic":562},"D3-PLM","Physical Link Mapping",{"name":39},{"id":564,"name":565,"tactic":566},"D3-LLM","Logical Link Mapping",{"name":39},{"id":568,"name":569,"tactic":570},"D3-EHB","Endpoint Health Beacon",{"name":56},{"id":66,"name":67,"tactic":572},{"name":56},{"id":70,"name":71,"tactic":574},{"name":56},{"id":78,"name":79,"tactic":576},{"name":56},{"id":82,"name":83,"tactic":578},{"name":56},{"id":350,"name":351,"tactic":580},{"name":56},{"id":354,"name":355,"tactic":582},{"name":56},{"id":86,"name":87,"tactic":584},{"name":56},{"id":90,"name":91,"tactic":586},{"name":93},{"id":380,"name":381,"tactic":588},{"name":93},{"id":384,"name":385,"tactic":590},{"name":93},{"id":388,"name":389,"tactic":592},{"name":93},{"id":392,"name":393,"tactic":594},{"name":93},{"id":99,"name":100,"tactic":596},{"name":102},{"id":104,"name":105,"tactic":598},{"name":107},{"id":600,"name":601,"tactic":602},"D3-RNA","Restore Network Access",{"name":124},{"id":126,"name":127,"tactic":604},{"name":124},{"id":147,"name":148,"tactic":606},{"name":145},{"id":151,"name":152,"tactic":608},{"name":145},{"id":155,"name":156,"tactic":610},{"name":145},{"id":159,"name":160,"tactic":612},{"name":145},{"id":163,"name":164,"tactic":614},{"name":145},{"id":171,"name":172,"tactic":616},{"name":145},{"id":175,"name":176,"tactic":618},{"name":145},{"id":432,"name":433,"tactic":620},{"name":145},{"id":142,"name":143,"tactic":622},{"name":145},{"id":179,"name":180,"tactic":624},{"name":145},{"id":440,"name":441,"tactic":626},{"name":145},{"id":628,"name":629,"techniques":630},"CAPEC-94","Adversary in the Middle (AiTM)",[631],{"id":632,"name":633,"tactics":634,"countermeasures":637},"T1557","Adversary-in-the-Middle",[635,636],{"id":282,"name":283},{"id":301,"name":302},[638,640,642,644,646,648,650,652,654,658],{"id":305,"name":306,"tactic":639},{"name":56},{"id":309,"name":310,"tactic":641},{"name":56},{"id":313,"name":314,"tactic":643},{"name":56},{"id":317,"name":318,"tactic":645},{"name":56},{"id":321,"name":322,"tactic":647},{"name":56},{"id":325,"name":326,"tactic":649},{"name":56},{"id":329,"name":330,"tactic":651},{"name":56},{"id":333,"name":334,"tactic":653},{"name":56},{"id":655,"name":656,"tactic":657},"D3-CAA","Connection Attempt Analysis",{"name":56},{"id":337,"name":338,"tactic":659},{"name":145},[],[662],"GHSA-6m48-jxwx-76q7",[],[665,667,669,671,673,675,677,679,681],{"_key":666},"RHSA-2013:0964",{"_key":668},"UBUNTU-CVE-2013-2067",{"_key":670},"DSA-2725-1",{"_key":672},"DSA-2897-1",{"_key":674},"MGASA-2014-0082",{"_key":676},"RHSA-2013:0834",{"_key":678},"RHSA-2013:0839",{"_key":680},"RHSA-2013:1011",{"_key":682},"RHSA-2013:1012",[],[685],{"_key":674},"2013-06-01T10:00:00.000Z","2024-08-06T15:27:40.650Z","Modified",{"cisa_kev":690,"cisa_ransomware":690,"cisa_vendor":9,"epss_severity":691,"epss_score":692,"severity":691,"severity_score":693,"severity_version":694,"severity_source":695,"severity_vector":696,"severity_status":688},false,"medium",0.10445,6.8,"v2.0","nvd","AV:N/AC:M/Au:N/C:P/I:P/A:P",[698,707,713,717,721,725,729,733,737,741,745,749,755,760,764,768,774,778,783,787,791,795,799,803,808,812,816,820,824,828],{"url":699,"sources":700,"tags":703},"http://rhn.redhat.com/errata/RHSA-2013-0839.html",[701,695,702],"cve.org","osv_maven",[704,705,706],"Vendor Advisory","X Refsource REDHAT","WEB",{"url":708,"sources":709,"tags":710},"http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891",[701,695,702],[711,712,706],"X Refsource CONFIRM","Patch",{"url":714,"sources":715,"tags":716},"http://rhn.redhat.com/errata/RHSA-2013-0964.html",[701,695,702],[704,705,706],{"url":718,"sources":719,"tags":720},"http://svn.apache.org/viewvc?view=revision&revision=1417891",[701,695,702],[711,712,706],{"url":722,"sources":723,"tags":724},"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044",[701,695,702],[711,712,706],{"url":726,"sources":727,"tags":728},"http://tomcat.apache.org/security-7.html",[701,695,702],[711,704,706],{"url":730,"sources":731,"tags":732},"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",[701,695,702],[711,706],{"url":734,"sources":735,"tags":736},"http://rhn.redhat.com/errata/RHSA-2013-0833.html",[701,695,702],[704,705,706],{"url":738,"sources":739,"tags":740},"http://svn.apache.org/viewvc?view=revision&revision=1408044",[701,695,702],[711,712,706],{"url":742,"sources":743,"tags":744},"http://rhn.redhat.com/errata/RHSA-2013-1437.html",[701,695,702],[704,705,706],{"url":746,"sources":747,"tags":748},"http://tomcat.apache.org/security-6.html",[701,695,702],[711,704,706],{"url":750,"sources":751,"tags":752},"http://www.securityfocus.com/bid/59799",[701,695,702],[753,754,706],"VDB Entry","X Refsource BID",{"url":756,"sources":757,"tags":758},"http://www.ubuntu.com/usn/USN-1841-1",[701,695,702],[704,759,706],"X Refsource UBUNTU",{"url":761,"sources":762,"tags":763},"http://rhn.redhat.com/errata/RHSA-2013-0834.html",[701,695,702],[704,705,706],{"url":765,"sources":766,"tags":767},"http://www.securityfocus.com/bid/64758",[701,695,702],[753,754,706],{"url":769,"sources":770,"tags":771},"http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html",[701,695,702],[772,773,706],"Mailing List","X Refsource BUGTRAQ",{"url":775,"sources":776,"tags":777},"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",[701,695,702],[711,706],{"url":779,"sources":780,"tags":781},"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",[701,695],[772,782],"X Refsource MLIST",{"url":784,"sources":785,"tags":786},"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",[701,695],[772,782],{"url":788,"sources":789,"tags":790},"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",[701,695],[772,782],{"url":792,"sources":793,"tags":794},"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",[701,695],[772,782],{"url":796,"sources":797,"tags":798},"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",[701,695],[772,782],{"url":800,"sources":801,"tags":802},"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",[701,695],[772,782],{"url":804,"sources":805,"tags":806},"https://nvd.nist.gov/vuln/detail/CVE-2013-2067",[702],[807],"Advisory",{"url":809,"sources":810,"tags":811},"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",[702],[706],{"url":813,"sources":814,"tags":815},"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",[702],[706],{"url":817,"sources":818,"tags":819},"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",[702],[706],{"url":821,"sources":822,"tags":823},"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",[702],[706],{"url":825,"sources":826,"tags":827},"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",[702],[706],{"url":829,"sources":830,"tags":831},"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",[702],[706],[],{"date":834,"score":692,"percentile":835},"2026-06-04",0.93361,[837,841,843,846,849,852,854,857,860,863,866,869,872,875,877,880,883,886,889,892,895,897,900,902,905,908,911,914,917,919,922,925,928,930,934,937,940,943,946,949,952,954,957,960,963,966,969,971,974,977,980,983,986,989,992,995,998,1001,1004,1007,1010,1013,1016,1019,1022,1024,1027,1030,1033,1036,1039,1042,1045,1048,1051,1054,1056,1058,1061,1064,1067,1070,1073,1076,1079,1082,1084,1087,1090,1093],{"date":838,"score":839,"percentile":840},"2025-11-04",0.04198,0.88217,{"date":842,"score":839,"percentile":840},"2025-11-05",{"date":844,"score":839,"percentile":845},"2025-11-06",0.88209,{"date":847,"score":839,"percentile":848},"2025-11-07",0.88215,{"date":850,"score":839,"percentile":851},"2025-11-08",0.88218,{"date":853,"score":839,"percentile":848},"2025-11-09",{"date":855,"score":839,"percentile":856},"2025-11-10",0.88214,{"date":858,"score":839,"percentile":859},"2025-11-11",0.88219,{"date":861,"score":839,"percentile":862},"2025-11-12",0.88228,{"date":864,"score":839,"percentile":865},"2025-11-13",0.88233,{"date":867,"score":839,"percentile":868},"2025-11-14",0.88237,{"date":870,"score":839,"percentile":871},"2025-11-15",0.88231,{"date":873,"score":839,"percentile":874},"2025-11-16",0.88235,{"date":876,"score":839,"percentile":871},"2025-11-17",{"date":878,"score":839,"percentile":879},"2025-11-18",0.87603,{"date":881,"score":839,"percentile":882},"2025-11-19",0.87608,{"date":884,"score":839,"percentile":885},"2025-11-20",0.87613,{"date":887,"score":839,"percentile":888},"2025-11-21",0.88246,{"date":890,"score":839,"percentile":891},"2025-11-22",0.88245,{"date":893,"score":839,"percentile":894},"2025-11-23",0.88241,{"date":896,"score":839,"percentile":894},"2025-11-24",{"date":898,"score":839,"percentile":899},"2025-11-25",0.88242,{"date":901,"score":839,"percentile":899},"2025-11-26",{"date":903,"score":839,"percentile":904},"2025-11-27",0.88243,{"date":906,"score":839,"percentile":907},"2025-11-28",0.88234,{"date":909,"score":839,"percentile":910},"2025-11-29",0.88309,{"date":912,"score":839,"percentile":913},"2025-11-30",0.88305,{"date":915,"score":839,"percentile":916},"2025-12-01",0.88366,{"date":918,"score":839,"percentile":916},"2025-12-02",{"date":920,"score":839,"percentile":921},"2025-12-03",0.88364,{"date":923,"score":839,"percentile":924},"2025-12-04",0.88304,{"date":926,"score":839,"percentile":927},"2025-12-05",0.88306,{"date":929,"score":839,"percentile":913},"2025-12-06",{"date":931,"score":932,"percentile":933},"2025-12-07",0.04253,0.88371,{"date":935,"score":932,"percentile":936},"2025-12-08",0.88372,{"date":938,"score":932,"percentile":939},"2025-12-09",0.88386,{"date":941,"score":932,"percentile":942},"2025-12-10",0.88404,{"date":944,"score":932,"percentile":945},"2025-12-11",0.88407,{"date":947,"score":932,"percentile":948},"2025-12-12",0.88408,{"date":950,"score":932,"percentile":951},"2025-12-13",0.8841,{"date":953,"score":932,"percentile":948},"2025-12-14",{"date":955,"score":932,"percentile":956},"2025-12-15",0.88411,{"date":958,"score":932,"percentile":959},"2025-12-16",0.88415,{"date":961,"score":932,"percentile":962},"2025-12-17",0.88419,{"date":964,"score":932,"percentile":965},"2025-12-18",0.88422,{"date":967,"score":932,"percentile":968},"2025-12-19",0.88424,{"date":970,"score":932,"percentile":965},"2025-12-20",{"date":972,"score":932,"percentile":973},"2025-12-21",0.88431,{"date":975,"score":932,"percentile":976},"2025-12-22",0.88429,{"date":978,"score":932,"percentile":979},"2025-12-23",0.88434,{"date":981,"score":932,"percentile":982},"2025-12-24",0.88439,{"date":984,"score":932,"percentile":985},"2025-12-25",0.88449,{"date":987,"score":932,"percentile":988},"2025-12-26",0.88447,{"date":990,"score":932,"percentile":991},"2025-12-27",0.88493,{"date":993,"score":932,"percentile":994},"2025-12-28",0.8844,{"date":996,"score":932,"percentile":997},"2025-12-29",0.88436,{"date":999,"score":932,"percentile":1000},"2025-12-30",0.88442,{"date":1002,"score":932,"percentile":1003},"2025-12-31",0.88451,{"date":1005,"score":932,"percentile":1006},"2026-01-01",0.88515,{"date":1008,"score":932,"percentile":1009},"2026-01-02",0.8851,{"date":1011,"score":932,"percentile":1012},"2026-01-03",0.88507,{"date":1014,"score":932,"percentile":1015},"2026-01-04",0.88445,{"date":1017,"score":932,"percentile":1018},"2026-01-05",0.88441,{"date":1020,"score":932,"percentile":1021},"2026-01-06",0.88446,{"date":1023,"score":932,"percentile":985},"2026-01-07",{"date":1025,"score":932,"percentile":1026},"2026-01-08",0.88455,{"date":1028,"score":932,"percentile":1029},"2026-01-09",0.88458,{"date":1031,"score":932,"percentile":1032},"2026-01-10",0.88461,{"date":1034,"score":932,"percentile":1035},"2026-01-11",0.88454,{"date":1037,"score":932,"percentile":1038},"2026-01-12",0.88453,{"date":1040,"score":932,"percentile":1041},"2026-01-13",0.8845,{"date":1043,"score":932,"percentile":1044},"2026-01-14",0.88463,{"date":1046,"score":932,"percentile":1047},"2026-01-15",0.88466,{"date":1049,"score":932,"percentile":1050},"2026-01-16",0.88472,{"date":1052,"score":932,"percentile":1053},"2026-01-17",0.88473,{"date":1055,"score":932,"percentile":1053},"2026-01-18",{"date":1057,"score":932,"percentile":1050},"2026-01-19",{"date":1059,"score":932,"percentile":1060},"2026-01-20",0.88475,{"date":1062,"score":932,"percentile":1063},"2026-01-21",0.8848,{"date":1065,"score":932,"percentile":1066},"2026-01-22",0.88484,{"date":1068,"score":932,"percentile":1069},"2026-01-23",0.88498,{"date":1071,"score":932,"percentile":1072},"2026-01-24",0.88505,{"date":1074,"score":932,"percentile":1075},"2026-01-25",0.88501,{"date":1077,"score":932,"percentile":1078},"2026-01-26",0.88502,{"date":1080,"score":932,"percentile":1081},"2026-01-27",0.88503,{"date":1083,"score":932,"percentile":1072},"2026-01-28",{"date":1085,"score":932,"percentile":1086},"2026-01-29",0.88511,{"date":1088,"score":932,"percentile":1089},"2026-01-30",0.88514,{"date":1091,"score":932,"percentile":1092},"2026-01-31",0.88512,{"date":1094,"score":932,"percentile":1095},"2026-02-01",0.88575,[1097],{"source":695,"cvss_v2_0":1098,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":693,"baseSeverity":9,"vectorString":696,"impactScore":1099,"exploitabilityScore":1100},6.4,8.6,[1102,1192],{"ecosystem":9,"name":1103,"vendor":9,"product":1103,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1104},"Tomcat",[1105,1108,1110,1112,1114,1116,1118,1120,1122,1124,1126,1128,1130,1132,1134,1136,1138,1140,1142,1144,1146,1148,1150,1152,1154,1156,1158,1160,1162,1164,1166,1168,1170,1172,1174,1176,1178,1180,1182,1184,1186,1188,1190],{"version":1106,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.21","cpe",{"version":1109,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.24",{"version":1111,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.26",{"version":1113,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.27",{"version":1115,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.28",{"version":1117,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.29",{"version":1119,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.30",{"version":1121,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.31",{"version":1123,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.32",{"version":1125,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.33",{"version":1127,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.35",{"version":1129,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.36",{"version":1131,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.0",{"version":1133,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.0:beta",{"version":1135,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.1",{"version":1137,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.2",{"version":1139,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.2:beta",{"version":1141,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.3",{"version":1143,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.4",{"version":1145,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.4:beta",{"version":1147,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.5",{"version":1149,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.6",{"version":1151,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.7",{"version":1153,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.8",{"version":1155,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.9",{"version":1157,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.10",{"version":1159,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.11",{"version":1161,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.12",{"version":1163,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.13",{"version":1165,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.14",{"version":1167,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.15",{"version":1169,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.16",{"version":1171,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.17",{"version":1173,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.18",{"version":1175,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.19",{"version":1177,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.20",{"version":1179,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.21",{"version":1181,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.22",{"version":1183,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.23",{"version":1185,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.25",{"version":1187,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.28",{"version":1189,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.30",{"version":1191,"is_range":690,"range_type":1107,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.32",{"ecosystem":1193,"name":1194,"vendor":1195,"product":1196,"cpe_part":9,"purl_type":1197,"purl_namespace":1195,"purl_name":1196,"source":9,"versions":1198},"Maven","org.apache.tomcat:tomcat","org.apache.tomcat","tomcat","maven",[1199,1206],{"version":1200,"is_range":1201,"range_type":1202,"version_start":1106,"version_start_type":1203,"version_end":1204,"version_end_type":1205,"fixed_in":9},"gte6_0_21_lt6_0_37",true,"ecosystem","including","6.0.37","excluding",{"version":1207,"is_range":1201,"range_type":1202,"version_start":1131,"version_start_type":1203,"version_end":1208,"version_end_type":1205,"fixed_in":9},"gte7_0_0_lt7_0_33","7.0.33"]