[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-1323":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":1099,"aliases":1100,"duplicate_of":9,"upstream":1101,"downstream":1102,"duplicates":1105,"related":1106,"reserved_at":9,"published_at":1108,"modified_at":1109,"state":1110,"summary":1111,"references_raw":1119,"kevs":1165,"epss":1166,"epss_history":1169,"metrics":1404,"affected":1414},"CVE-2018-1323","The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.",null,[11,40],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"_key":41,"id":41,"name":42,"description":43,"type":15,"status":44,"abstraction":45,"likelihood_of_exploit":18,"capec":46},"CWE-200","Exposure of Sensitive Information to an Unauthorized Actor","The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.","Draft","Class",[47,51,235,261,265,269,273,277,281,285,375,379,383,405,409,413,417,421,431,435,439,443,447,451,455,459,463,527,531,557,579,583,587,591,595,599,603,607,611,615,619,623,627,631,635,639,671,675,697,719,765,791,891,895,1020,1057,1067,1077,1097],{"id":48,"name":49,"techniques":50},"CAPEC-116","Excavation",[],{"id":52,"name":53,"techniques":54},"CAPEC-13","Subverting Environment Variable Values",[55,153,195],{"id":56,"name":57,"tactics":58,"countermeasures":65},"T1562.003","Impair Command History Logging",[59,62],{"id":60,"name":61},"TA0030","Defense Evasion",{"id":63,"name":64},"TA0005","Stealth",[66,71,76,80,84,88,93,97,102,107,111,115,120,124,129,133,137,141,145,149],{"id":67,"name":68,"tactic":69},"D3-CI","Configuration Inventory",{"name":70},"Model",{"id":72,"name":73,"tactic":74},"D3-FA","File Analysis",{"name":75},"Detect",{"id":77,"name":78,"tactic":79},"D3-FIM","File Integrity Monitoring",{"name":75},{"id":81,"name":82,"tactic":83},"D3-DA","Dynamic Analysis",{"name":75},{"id":85,"name":86,"tactic":87},"D3-EFA","Emulated File Analysis",{"name":75},{"id":89,"name":90,"tactic":91},"D3-FEV","File Eviction",{"name":92},"Evict",{"id":94,"name":95,"tactic":96},"D3-RKD","Registry Key Deletion",{"name":92},{"id":98,"name":99,"tactic":100},"D3-DF","Decoy File",{"name":101},"Deceive",{"id":103,"name":104,"tactic":105},"D3-DRA","Disable Remote Access",{"name":106},"Harden",{"id":108,"name":109,"tactic":110},"D3-ACH","Application Configuration Hardening",{"name":106},{"id":112,"name":113,"tactic":114},"D3-FE","File Encryption",{"name":106},{"id":116,"name":117,"tactic":118},"D3-RC","Restore Configuration",{"name":119},"Restore",{"id":121,"name":122,"tactic":123},"D3-RF","Restore File",{"name":119},{"id":125,"name":126,"tactic":127},"D3-CQ","Content Quarantine",{"name":128},"Isolate",{"id":130,"name":131,"tactic":132},"D3-CF","Content Filtering",{"name":128},{"id":134,"name":135,"tactic":136},"D3-LFP","Local File Permissions",{"name":128},{"id":138,"name":139,"tactic":140},"D3-RFAM","Remote File Access Mediation",{"name":128},{"id":142,"name":143,"tactic":144},"D3-CM","Content Modification",{"name":128},{"id":146,"name":147,"tactic":148},"D3-EAL","Executable Allowlisting",{"name":128},{"id":150,"name":151,"tactic":152},"D3-EDL","Executable Denylisting",{"name":128},{"id":154,"name":155,"tactics":156,"countermeasures":168},"T1574.006","Dynamic Linker Hijacking",[157,160,163,164,165],{"id":158,"name":159},"TA0110","Persistence",{"id":161,"name":162},"TA0111","Privilege Escalation",{"id":60,"name":61},{"id":63,"name":64},{"id":166,"name":167},"TA0104","Execution",[169,173,175,177,179,181,183,185,187,189,191,193],{"id":170,"name":171,"tactic":172},"D3-SFA","System File Analysis",{"name":75},{"id":72,"name":73,"tactic":174},{"name":75},{"id":77,"name":78,"tactic":176},{"name":75},{"id":89,"name":90,"tactic":178},{"name":92},{"id":98,"name":99,"tactic":180},{"name":101},{"id":112,"name":113,"tactic":182},{"name":106},{"id":121,"name":122,"tactic":184},{"name":119},{"id":130,"name":131,"tactic":186},{"name":128},{"id":134,"name":135,"tactic":188},{"name":128},{"id":138,"name":139,"tactic":190},{"name":128},{"id":125,"name":126,"tactic":192},{"name":128},{"id":142,"name":143,"tactic":194},{"name":128},{"id":196,"name":197,"tactics":198,"countermeasures":204},"T1574.007","Path Interception by PATH Environment Variable",[199,200,201,202,203],{"id":158,"name":159},{"id":161,"name":162},{"id":60,"name":61},{"id":63,"name":64},{"id":166,"name":167},[205,207,209,211,213,215,217,219,221,223,225,227,229,231,233],{"id":72,"name":73,"tactic":206},{"name":75},{"id":77,"name":78,"tactic":208},{"name":75},{"id":81,"name":82,"tactic":210},{"name":75},{"id":85,"name":86,"tactic":212},{"name":75},{"id":89,"name":90,"tactic":214},{"name":92},{"id":98,"name":99,"tactic":216},{"name":101},{"id":112,"name":113,"tactic":218},{"name":106},{"id":121,"name":122,"tactic":220},{"name":119},{"id":130,"name":131,"tactic":222},{"name":128},{"id":134,"name":135,"tactic":224},{"name":128},{"id":138,"name":139,"tactic":226},{"name":128},{"id":125,"name":126,"tactic":228},{"name":128},{"id":142,"name":143,"tactic":230},{"name":128},{"id":146,"name":147,"tactic":232},{"name":128},{"id":150,"name":151,"tactic":234},{"name":128},{"id":236,"name":237,"techniques":238},"CAPEC-169","Footprinting",[239,247,255],{"id":240,"name":241,"tactics":242,"countermeasures":246},"T1217","Browser Information Discovery",[243],{"id":244,"name":245},"TA0102","Discovery",[],{"id":248,"name":249,"tactics":250,"countermeasures":254},"T1592","Gather Victim Host Information",[251],{"id":252,"name":253},"TA0043","Reconnaissance",[],{"id":256,"name":257,"tactics":258,"countermeasures":260},"T1595","Active Scanning",[259],{"id":252,"name":253},[],{"id":262,"name":263,"techniques":264},"CAPEC-22","Exploiting Trust in Client",[],{"id":266,"name":267,"techniques":268},"CAPEC-224","Fingerprinting",[],{"id":270,"name":271,"techniques":272},"CAPEC-285","ICMP Echo Request Ping",[],{"id":274,"name":275,"techniques":276},"CAPEC-287","TCP SYN Scan",[],{"id":278,"name":279,"techniques":280},"CAPEC-290","Enumerate Mail Exchange (MX) Records",[],{"id":282,"name":283,"techniques":284},"CAPEC-291","DNS Zone Transfers",[],{"id":286,"name":287,"techniques":288},"CAPEC-292","Host Discovery",[289],{"id":290,"name":291,"tactics":292,"countermeasures":294},"T1018","Remote System Discovery",[293],{"id":244,"name":245},[295,299,301,303,305,309,313,317,321,325,329,333,337,341,343,345,347,349,353,355,357,359,361,363,367,369,371],{"id":296,"name":297,"tactic":298},"D3-SCA","System Call Analysis",{"name":75},{"id":170,"name":171,"tactic":300},{"name":75},{"id":72,"name":73,"tactic":302},{"name":75},{"id":77,"name":78,"tactic":304},{"name":75},{"id":306,"name":307,"tactic":308},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":75},{"id":310,"name":311,"tactic":312},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":75},{"id":314,"name":315,"tactic":316},"D3-CSPP","Client-server Payload Profiling",{"name":75},{"id":318,"name":319,"tactic":320},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":75},{"id":322,"name":323,"tactic":324},"D3-NTSA","Network Traffic Signature Analysis",{"name":75},{"id":326,"name":327,"tactic":328},"D3-APCA","Application Protocol Command Analysis",{"name":75},{"id":330,"name":331,"tactic":332},"D3-NTCD","Network Traffic Community Deviation",{"name":75},{"id":334,"name":335,"tactic":336},"D3-RTSD","Remote Terminal Session Detection",{"name":75},{"id":338,"name":339,"tactic":340},"D3-PSA","Process Spawn Analysis",{"name":75},{"id":89,"name":90,"tactic":342},{"name":92},{"id":98,"name":99,"tactic":344},{"name":101},{"id":112,"name":113,"tactic":346},{"name":106},{"id":121,"name":122,"tactic":348},{"name":119},{"id":350,"name":351,"tactic":352},"D3-SCF","System Call Filtering",{"name":128},{"id":130,"name":131,"tactic":354},{"name":128},{"id":134,"name":135,"tactic":356},{"name":128},{"id":138,"name":139,"tactic":358},{"name":128},{"id":125,"name":126,"tactic":360},{"name":128},{"id":142,"name":143,"tactic":362},{"name":128},{"id":364,"name":365,"tactic":366},"D3-NTF","Network Traffic Filtering",{"name":128},{"id":146,"name":147,"tactic":368},{"name":128},{"id":150,"name":151,"tactic":370},{"name":128},{"id":372,"name":373,"tactic":374},"D3-HBPI","Hardware-based Process Isolation",{"name":128},{"id":376,"name":377,"techniques":378},"CAPEC-293","Traceroute Route Enumeration",[],{"id":380,"name":381,"techniques":382},"CAPEC-294","ICMP Address Mask Request",[],{"id":384,"name":385,"techniques":386},"CAPEC-295","Timestamp Request",[387],{"id":388,"name":389,"tactics":390,"countermeasures":392},"T1124","System Time Discovery",[391],{"id":244,"name":245},[393,395,397,399,401,403],{"id":296,"name":297,"tactic":394},{"name":75},{"id":338,"name":339,"tactic":396},{"name":75},{"id":350,"name":351,"tactic":398},{"name":128},{"id":146,"name":147,"tactic":400},{"name":128},{"id":150,"name":151,"tactic":402},{"name":128},{"id":372,"name":373,"tactic":404},{"name":128},{"id":406,"name":407,"techniques":408},"CAPEC-296","ICMP Information Request",[],{"id":410,"name":411,"techniques":412},"CAPEC-297","TCP ACK Ping",[],{"id":414,"name":415,"techniques":416},"CAPEC-298","UDP Ping",[],{"id":418,"name":419,"techniques":420},"CAPEC-299","TCP SYN Ping",[],{"id":422,"name":423,"techniques":424},"CAPEC-300","Port Scanning",[425],{"id":426,"name":427,"tactics":428,"countermeasures":430},"T1046","Network Service Discovery",[429],{"id":244,"name":245},[],{"id":432,"name":433,"techniques":434},"CAPEC-301","TCP Connect Scan",[],{"id":436,"name":437,"techniques":438},"CAPEC-302","TCP FIN Scan",[],{"id":440,"name":441,"techniques":442},"CAPEC-303","TCP Xmas Scan",[],{"id":444,"name":445,"techniques":446},"CAPEC-304","TCP Null Scan",[],{"id":448,"name":449,"techniques":450},"CAPEC-305","TCP ACK Scan",[],{"id":452,"name":453,"techniques":454},"CAPEC-306","TCP Window Scan",[],{"id":456,"name":457,"techniques":458},"CAPEC-307","TCP RPC Scan",[],{"id":460,"name":461,"techniques":462},"CAPEC-308","UDP Scan",[],{"id":464,"name":465,"techniques":466},"CAPEC-309","Network Topology Mapping",[467,511,521],{"id":468,"name":469,"tactics":470,"countermeasures":472},"T1016","System Network Configuration Discovery",[471],{"id":244,"name":245},[473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509],{"id":72,"name":73,"tactic":474},{"name":75},{"id":77,"name":78,"tactic":476},{"name":75},{"id":81,"name":82,"tactic":478},{"name":75},{"id":85,"name":86,"tactic":480},{"name":75},{"id":296,"name":297,"tactic":482},{"name":75},{"id":338,"name":339,"tactic":484},{"name":75},{"id":89,"name":90,"tactic":486},{"name":92},{"id":98,"name":99,"tactic":488},{"name":101},{"id":112,"name":113,"tactic":490},{"name":106},{"id":121,"name":122,"tactic":492},{"name":119},{"id":130,"name":131,"tactic":494},{"name":128},{"id":134,"name":135,"tactic":496},{"name":128},{"id":138,"name":139,"tactic":498},{"name":128},{"id":125,"name":126,"tactic":500},{"name":128},{"id":142,"name":143,"tactic":502},{"name":128},{"id":146,"name":147,"tactic":504},{"name":128},{"id":150,"name":151,"tactic":506},{"name":128},{"id":350,"name":351,"tactic":508},{"name":128},{"id":372,"name":373,"tactic":510},{"name":128},{"id":512,"name":513,"tactics":514,"countermeasures":516},"T1049","System Network Connections Discovery",[515],{"id":244,"name":245},[517,519],{"id":296,"name":297,"tactic":518},{"name":75},{"id":350,"name":351,"tactic":520},{"name":128},{"id":522,"name":523,"tactics":524,"countermeasures":526},"T1590","Gather Victim Network Information",[525],{"id":252,"name":253},[],{"id":528,"name":529,"techniques":530},"CAPEC-310","Scanning for Vulnerable Software",[],{"id":532,"name":533,"techniques":534},"CAPEC-312","Active OS Fingerprinting",[535],{"id":536,"name":537,"tactics":538,"countermeasures":540},"T1082","System Information Discovery",[539],{"id":244,"name":245},[541,543,545,549,551,553,555],{"id":296,"name":297,"tactic":542},{"name":75},{"id":338,"name":339,"tactic":544},{"name":75},{"id":546,"name":547,"tactic":548},"D3-DE","Decoy Environment",{"name":101},{"id":350,"name":351,"tactic":550},{"name":128},{"id":146,"name":147,"tactic":552},{"name":128},{"id":150,"name":151,"tactic":554},{"name":128},{"id":372,"name":373,"tactic":556},{"name":128},{"id":558,"name":559,"techniques":560},"CAPEC-313","Passive OS Fingerprinting",[561],{"id":536,"name":537,"tactics":562,"countermeasures":564},[563],{"id":244,"name":245},[565,567,569,571,573,575,577],{"id":296,"name":297,"tactic":566},{"name":75},{"id":338,"name":339,"tactic":568},{"name":75},{"id":546,"name":547,"tactic":570},{"name":101},{"id":350,"name":351,"tactic":572},{"name":128},{"id":146,"name":147,"tactic":574},{"name":128},{"id":150,"name":151,"tactic":576},{"name":128},{"id":372,"name":373,"tactic":578},{"name":128},{"id":580,"name":581,"techniques":582},"CAPEC-317","IP ID Sequencing Probe",[],{"id":584,"name":585,"techniques":586},"CAPEC-318","IP 'ID' Echoed Byte-Order Probe",[],{"id":588,"name":589,"techniques":590},"CAPEC-319","IP (DF) 'Don't Fragment Bit' Echoing Probe",[],{"id":592,"name":593,"techniques":594},"CAPEC-320","TCP Timestamp Probe",[],{"id":596,"name":597,"techniques":598},"CAPEC-321","TCP Sequence Number Probe",[],{"id":600,"name":601,"techniques":602},"CAPEC-322","TCP (ISN) Greatest Common Divisor Probe",[],{"id":604,"name":605,"techniques":606},"CAPEC-323","TCP (ISN) Counter Rate Probe",[],{"id":608,"name":609,"techniques":610},"CAPEC-324","TCP (ISN) Sequence Predictability Probe",[],{"id":612,"name":613,"techniques":614},"CAPEC-325","TCP Congestion Control Flag (ECN) Probe",[],{"id":616,"name":617,"techniques":618},"CAPEC-326","TCP Initial Window Size Probe",[],{"id":620,"name":621,"techniques":622},"CAPEC-327","TCP Options Probe",[],{"id":624,"name":625,"techniques":626},"CAPEC-328","TCP 'RST' Flag Checksum Probe",[],{"id":628,"name":629,"techniques":630},"CAPEC-329","ICMP Error Message Quoting Probe",[],{"id":632,"name":633,"techniques":634},"CAPEC-330","ICMP Error Message Echoing Integrity Probe",[],{"id":636,"name":637,"techniques":638},"CAPEC-472","Browser Fingerprinting",[],{"id":640,"name":641,"techniques":642},"CAPEC-497","File Discovery",[643],{"id":644,"name":645,"tactics":646,"countermeasures":648},"T1083","File and Directory Discovery",[647],{"id":244,"name":245},[649,651,653,655,657,659,661,663,665,667,669],{"id":72,"name":73,"tactic":650},{"name":75},{"id":77,"name":78,"tactic":652},{"name":75},{"id":89,"name":90,"tactic":654},{"name":92},{"id":98,"name":99,"tactic":656},{"name":101},{"id":112,"name":113,"tactic":658},{"name":106},{"id":121,"name":122,"tactic":660},{"name":119},{"id":134,"name":135,"tactic":662},{"name":128},{"id":130,"name":131,"tactic":664},{"name":128},{"id":138,"name":139,"tactic":666},{"name":128},{"id":125,"name":126,"tactic":668},{"name":128},{"id":142,"name":143,"tactic":670},{"name":128},{"id":672,"name":673,"techniques":674},"CAPEC-508","Shoulder Surfing",[],{"id":676,"name":677,"techniques":678},"CAPEC-573","Process Footprinting",[679],{"id":680,"name":681,"tactics":682,"countermeasures":684},"T1057","Process Discovery",[683],{"id":244,"name":245},[685,687,689,691,693,695],{"id":296,"name":297,"tactic":686},{"name":75},{"id":338,"name":339,"tactic":688},{"name":75},{"id":350,"name":351,"tactic":690},{"name":128},{"id":146,"name":147,"tactic":692},{"name":128},{"id":150,"name":151,"tactic":694},{"name":128},{"id":372,"name":373,"tactic":696},{"name":128},{"id":698,"name":699,"techniques":700},"CAPEC-574","Services Footprinting",[701],{"id":702,"name":703,"tactics":704,"countermeasures":706},"T1007","System Service Discovery",[705],{"id":244,"name":245},[707,709,711,713,715,717],{"id":296,"name":297,"tactic":708},{"name":75},{"id":338,"name":339,"tactic":710},{"name":75},{"id":350,"name":351,"tactic":712},{"name":128},{"id":146,"name":147,"tactic":714},{"name":128},{"id":150,"name":151,"tactic":716},{"name":128},{"id":372,"name":373,"tactic":718},{"name":128},{"id":720,"name":721,"techniques":722},"CAPEC-575","Account Footprinting",[723],{"id":724,"name":725,"tactics":726,"countermeasures":728},"T1087","Account Discovery",[727],{"id":244,"name":245},[729,733,737,741,745,749,753,757,761],{"id":730,"name":731,"tactic":732},"D3-AM","Access Modeling",{"name":70},{"id":734,"name":735,"tactic":736},"D3-LAM","Local Account Monitoring",{"name":75},{"id":738,"name":739,"tactic":740},"D3-DAM","Domain Account Monitoring",{"name":75},{"id":742,"name":743,"tactic":744},"D3-AL","Account Locking",{"name":92},{"id":746,"name":747,"tactic":748},"D3-AA","Agent Authentication",{"name":106},{"id":750,"name":751,"tactic":752},"D3-CDP","Change Default Password",{"name":106},{"id":754,"name":755,"tactic":756},"D3-ULA","Unlock Account",{"name":119},{"id":758,"name":759,"tactic":760},"D3-RUAA","Restore User Account Access",{"name":119},{"id":762,"name":763,"tactic":764},"D3-UAP","User Account Permissions",{"name":128},{"id":766,"name":767,"techniques":768},"CAPEC-576","Group Permission Footprinting",[769,775],{"id":770,"name":771,"tactics":772,"countermeasures":774},"T1069","Permission Groups Discovery",[773],{"id":244,"name":245},[],{"id":776,"name":777,"tactics":778,"countermeasures":780},"T1615","Group Policy Discovery",[779],{"id":244,"name":245},[781,783,787,789],{"id":67,"name":68,"tactic":782},{"name":70},{"id":784,"name":785,"tactic":786},"D3-NTPM","Network Traffic Policy Mapping",{"name":70},{"id":730,"name":731,"tactic":788},{"name":70},{"id":116,"name":117,"tactic":790},{"name":119},{"id":792,"name":793,"techniques":794},"CAPEC-577","Owner Footprinting",[795],{"id":796,"name":797,"tactics":798,"countermeasures":800},"T1033","System Owner/User Discovery",[799],{"id":244,"name":245},[801,805,807,809,811,815,819,821,823,827,831,835,839,841,843,847,851,853,857,859,861,863,865,867,869,873,875,879,883,887,889],{"id":802,"name":803,"tactic":804},"D3-DI","Data Inventory",{"name":70},{"id":72,"name":73,"tactic":806},{"name":75},{"id":77,"name":78,"tactic":808},{"name":75},{"id":296,"name":297,"tactic":810},{"name":75},{"id":812,"name":813,"tactic":814},"D3-PLA","Process Lineage Analysis",{"name":75},{"id":816,"name":817,"tactic":818},"D3-PSMD","Process Self-Modification Detection",{"name":75},{"id":338,"name":339,"tactic":820},{"name":75},{"id":89,"name":90,"tactic":822},{"name":92},{"id":824,"name":825,"tactic":826},"D3-PT","Process Termination",{"name":92},{"id":828,"name":829,"tactic":830},"D3-PS","Process Suspension",{"name":92},{"id":832,"name":833,"tactic":834},"D3-HR","Host Reboot",{"name":92},{"id":836,"name":837,"tactic":838},"D3-HS","Host Shutdown",{"name":92},{"id":98,"name":99,"tactic":840},{"name":101},{"id":112,"name":113,"tactic":842},{"name":106},{"id":844,"name":845,"tactic":846},"D3-PSEP","Process Segment Execution Prevention",{"name":106},{"id":848,"name":849,"tactic":850},"D3-SAOR","Segment Address Offset Randomization",{"name":106},{"id":121,"name":122,"tactic":852},{"name":119},{"id":854,"name":855,"tactic":856},"D3-RD","Restore Database",{"name":119},{"id":130,"name":131,"tactic":858},{"name":128},{"id":134,"name":135,"tactic":860},{"name":128},{"id":138,"name":139,"tactic":862},{"name":128},{"id":125,"name":126,"tactic":864},{"name":128},{"id":142,"name":143,"tactic":866},{"name":128},{"id":350,"name":351,"tactic":868},{"name":128},{"id":870,"name":871,"tactic":872},"D3-KBPI","Kernel-based Process Isolation",{"name":128},{"id":372,"name":373,"tactic":874},{"name":128},{"id":876,"name":877,"tactic":878},"D3-ABPI","Application-based Process Isolation",{"name":128},{"id":880,"name":881,"tactic":882},"D3-WSAM","Web Session Access Mediation",{"name":128},{"id":884,"name":885,"tactic":886},"D3-DTP","Domain Trust Policy",{"name":128},{"id":146,"name":147,"tactic":888},{"name":128},{"id":150,"name":151,"tactic":890},{"name":128},{"id":892,"name":893,"techniques":894},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":896,"name":897,"techniques":898},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[899,951],{"id":900,"name":901,"tactics":902,"countermeasures":906},"T1134.001","Token Impersonation/Theft",[903,904,905],{"id":60,"name":61},{"id":63,"name":64},{"id":161,"name":162},[907,911,915,919,923,927,931,935,939,943,947],{"id":908,"name":909,"tactic":910},"D3-CCSA","Credential Compromise Scope Analysis",{"name":75},{"id":912,"name":913,"tactic":914},"D3-CR","Credential Revocation",{"name":92},{"id":916,"name":917,"tactic":918},"D3-ANCI","Authentication Cache Invalidation",{"name":92},{"id":920,"name":921,"tactic":922},"D3-DUC","Decoy User Credential",{"name":101},{"id":924,"name":925,"tactic":926},"D3-CH","Credential Hardening",{"name":106},{"id":928,"name":929,"tactic":930},"D3-MFA","Multi-factor Authentication",{"name":106},{"id":932,"name":933,"tactic":934},"D3-CRO","Credential Rotation",{"name":106},{"id":936,"name":937,"tactic":938},"D3-TB","Token Binding",{"name":106},{"id":940,"name":941,"tactic":942},"D3-TBA","Token-based Authentication",{"name":106},{"id":944,"name":945,"tactic":946},"D3-RIC","Reissue Credential",{"name":119},{"id":948,"name":949,"tactic":950},"D3-CTS","Credential Transmission Scoping",{"name":128},{"id":952,"name":953,"tactics":954,"countermeasures":959},"T1550.004","Web Session Cookie",[955,956],{"id":60,"name":61},{"id":957,"name":958},"TA0109","Lateral Movement",[960,962,964,966,968,970,972,974,976,978,980,982,984,986,988,990,992,994,996,998,1000,1002,1004,1006,1008,1010,1012,1014,1016,1018],{"id":306,"name":307,"tactic":961},{"name":75},{"id":310,"name":311,"tactic":963},{"name":75},{"id":314,"name":315,"tactic":965},{"name":75},{"id":318,"name":319,"tactic":967},{"name":75},{"id":322,"name":323,"tactic":969},{"name":75},{"id":326,"name":327,"tactic":971},{"name":75},{"id":330,"name":331,"tactic":973},{"name":75},{"id":334,"name":335,"tactic":975},{"name":75},{"id":812,"name":813,"tactic":977},{"name":75},{"id":816,"name":817,"tactic":979},{"name":75},{"id":338,"name":339,"tactic":981},{"name":75},{"id":908,"name":909,"tactic":983},{"name":75},{"id":824,"name":825,"tactic":985},{"name":92},{"id":828,"name":829,"tactic":987},{"name":92},{"id":832,"name":833,"tactic":989},{"name":92},{"id":836,"name":837,"tactic":991},{"name":92},{"id":912,"name":913,"tactic":993},{"name":92},{"id":916,"name":917,"tactic":995},{"name":92},{"id":920,"name":921,"tactic":997},{"name":101},{"id":924,"name":925,"tactic":999},{"name":106},{"id":928,"name":929,"tactic":1001},{"name":106},{"id":932,"name":933,"tactic":1003},{"name":106},{"id":944,"name":945,"tactic":1005},{"name":119},{"id":364,"name":365,"tactic":1007},{"name":128},{"id":870,"name":871,"tactic":1009},{"name":128},{"id":350,"name":351,"tactic":1011},{"name":128},{"id":372,"name":373,"tactic":1013},{"name":128},{"id":876,"name":877,"tactic":1015},{"name":128},{"id":880,"name":881,"tactic":1017},{"name":128},{"id":948,"name":949,"tactic":1019},{"name":128},{"id":1021,"name":1022,"techniques":1023},"CAPEC-616","Establish Rogue Location",[1024],{"id":1025,"name":1026,"tactics":1027,"countermeasures":1030},"T1036.005","Match Legitimate Resource Name or Location",[1028,1029],{"id":60,"name":61},{"id":63,"name":64},[1031,1033,1035,1037,1039,1041,1043,1045,1047,1049,1051,1053,1055],{"id":296,"name":297,"tactic":1032},{"name":75},{"id":72,"name":73,"tactic":1034},{"name":75},{"id":77,"name":78,"tactic":1036},{"name":75},{"id":89,"name":90,"tactic":1038},{"name":92},{"id":98,"name":99,"tactic":1040},{"name":101},{"id":112,"name":113,"tactic":1042},{"name":106},{"id":121,"name":122,"tactic":1044},{"name":119},{"id":350,"name":351,"tactic":1046},{"name":128},{"id":130,"name":131,"tactic":1048},{"name":128},{"id":134,"name":135,"tactic":1050},{"name":128},{"id":138,"name":139,"tactic":1052},{"name":128},{"id":125,"name":126,"tactic":1054},{"name":128},{"id":142,"name":143,"tactic":1056},{"name":128},{"id":1058,"name":1059,"techniques":1060},"CAPEC-643","Identify Shared Files/Directories on System",[1061],{"id":1062,"name":1063,"tactics":1064,"countermeasures":1066},"T1135","Network Share Discovery",[1065],{"id":244,"name":245},[],{"id":1068,"name":1069,"techniques":1070},"CAPEC-646","Peripheral Footprinting",[1071],{"id":1072,"name":1073,"tactics":1074,"countermeasures":1076},"T1120","Peripheral Device Discovery",[1075],{"id":244,"name":245},[],{"id":1078,"name":1079,"techniques":1080},"CAPEC-651","Eavesdropping",[1081],{"id":1082,"name":1083,"tactics":1084,"countermeasures":1088},"T1111","Multi-Factor Authentication Interception",[1085],{"id":1086,"name":1087},"TA0031","Credential Access",[1089,1093],{"id":1090,"name":1091,"tactic":1092},"D3-HCI","Hardware Component Inventory",{"name":70},{"id":1094,"name":1095,"tactic":1096},"D3-RH","Radiation Hardening",{"name":106},{"id":37,"name":38,"techniques":1098},[],[],[],[],[1103],{"_key":1104},"OPENSUSE-SU-2024:10625-1",[],[1107],{"_key":1104},"2018-03-12T16:00:00.000Z","2024-09-17T02:16:54.351Z","Modified",{"cisa_kev":1112,"cisa_ransomware":1112,"cisa_vendor":9,"epss_severity":1113,"epss_score":1114,"severity":1113,"severity_score":1115,"severity_version":1116,"severity_source":1117,"severity_vector":1118,"severity_status":1110},false,"high",0.31775,7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[1120,1128,1134,1139,1145,1149,1153,1157,1161],{"url":1121,"sources":1122,"tags":1124},"http://www.securityfocus.com/bid/103389",[1123,1117],"cve.org",[1125,1126,1127],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":1129,"sources":1130,"tags":1131},"https://access.redhat.com/errata/RHSA-2018:1843",[1123,1117],[1132,1133,1127],"Vendor Advisory","X Refsource REDHAT",{"url":1135,"sources":1136,"tags":1137},"https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f%40%3Cannounce.tomcat.apache.org%3E",[1123,1117],[1138],"X Refsource MISC",{"url":1140,"sources":1141,"tags":1142},"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",[1123,1117],[1143,1144],"Mailing List","X Refsource MLIST",{"url":1146,"sources":1147,"tags":1148},"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",[1123,1117],[1143,1144],{"url":1150,"sources":1151,"tags":1152},"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",[1123,1117],[1143,1144],{"url":1154,"sources":1155,"tags":1156},"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",[1123,1117],[1143,1144],{"url":1158,"sources":1159,"tags":1160},"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",[1123,1117],[1143,1144],{"url":1162,"sources":1163,"tags":1164},"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",[1123,1117],[1143,1144],[],{"date":1167,"score":1114,"percentile":1168},"2026-06-04",0.96894,[1170,1174,1177,1180,1182,1184,1186,1188,1190,1193,1196,1198,1200,1202,1204,1208,1211,1214,1218,1221,1224,1226,1228,1230,1233,1235,1238,1240,1244,1247,1250,1252,1254,1256,1258,1260,1262,1265,1268,1271,1274,1276,1278,1281,1284,1286,1289,1291,1294,1296,1298,1300,1303,1305,1308,1310,1312,1314,1317,1320,1323,1326,1328,1331,1333,1336,1339,1342,1345,1348,1350,1352,1355,1358,1361,1364,1367,1369,1372,1375,1378,1381,1384,1387,1390,1392,1395,1397,1399,1401],{"date":1171,"score":1172,"percentile":1173},"2025-11-04",0.4451,0.97405,{"date":1175,"score":1172,"percentile":1176},"2025-11-05",0.97406,{"date":1178,"score":1172,"percentile":1179},"2025-11-06",0.97404,{"date":1181,"score":1172,"percentile":1173},"2025-11-07",{"date":1183,"score":1172,"percentile":1173},"2025-11-08",{"date":1185,"score":1172,"percentile":1173},"2025-11-09",{"date":1187,"score":1172,"percentile":1173},"2025-11-10",{"date":1189,"score":1172,"percentile":1173},"2025-11-11",{"date":1191,"score":1172,"percentile":1192},"2025-11-12",0.97408,{"date":1194,"score":1172,"percentile":1195},"2025-11-13",0.97407,{"date":1197,"score":1172,"percentile":1195},"2025-11-14",{"date":1199,"score":1172,"percentile":1173},"2025-11-15",{"date":1201,"score":1172,"percentile":1176},"2025-11-16",{"date":1203,"score":1172,"percentile":1176},"2025-11-17",{"date":1205,"score":1206,"percentile":1207},"2025-11-18",0.55947,0.98009,{"date":1209,"score":1206,"percentile":1210},"2025-11-19",0.98011,{"date":1212,"score":1206,"percentile":1213},"2025-11-20",0.98013,{"date":1215,"score":1216,"percentile":1217},"2025-11-21",0.57341,0.98028,{"date":1219,"score":1216,"percentile":1220},"2025-11-22",0.98026,{"date":1222,"score":1216,"percentile":1223},"2025-11-23",0.98025,{"date":1225,"score":1216,"percentile":1223},"2025-11-24",{"date":1227,"score":1216,"percentile":1220},"2025-11-25",{"date":1229,"score":1216,"percentile":1220},"2025-11-26",{"date":1231,"score":1216,"percentile":1232},"2025-11-27",0.98027,{"date":1234,"score":1216,"percentile":1232},"2025-11-28",{"date":1236,"score":1216,"percentile":1237},"2025-11-29",0.98029,{"date":1239,"score":1216,"percentile":1217},"2025-11-30",{"date":1241,"score":1242,"percentile":1243},"2025-12-01",0.14695,0.94258,{"date":1245,"score":1242,"percentile":1246},"2025-12-02",0.94259,{"date":1248,"score":1242,"percentile":1249},"2025-12-03",0.9426,{"date":1251,"score":1216,"percentile":1232},"2025-12-04",{"date":1253,"score":1216,"percentile":1220},"2025-12-05",{"date":1255,"score":1216,"percentile":1232},"2025-12-06",{"date":1257,"score":1216,"percentile":1217},"2025-12-07",{"date":1259,"score":1216,"percentile":1237},"2025-12-08",{"date":1261,"score":1216,"percentile":1237},"2025-12-09",{"date":1263,"score":1216,"percentile":1264},"2025-12-10",0.98032,{"date":1266,"score":1216,"percentile":1267},"2025-12-11",0.98034,{"date":1269,"score":1216,"percentile":1270},"2025-12-12",0.98038,{"date":1272,"score":1216,"percentile":1273},"2025-12-13",0.98033,{"date":1275,"score":1216,"percentile":1267},"2025-12-14",{"date":1277,"score":1216,"percentile":1267},"2025-12-15",{"date":1279,"score":1216,"percentile":1280},"2025-12-16",0.98041,{"date":1282,"score":1216,"percentile":1283},"2025-12-17",0.98044,{"date":1285,"score":1216,"percentile":1283},"2025-12-18",{"date":1287,"score":1216,"percentile":1288},"2025-12-19",0.98045,{"date":1290,"score":1216,"percentile":1283},"2025-12-20",{"date":1292,"score":1216,"percentile":1293},"2025-12-21",0.98043,{"date":1295,"score":1216,"percentile":1270},"2025-12-22",{"date":1297,"score":1216,"percentile":1283},"2025-12-23",{"date":1299,"score":1216,"percentile":1288},"2025-12-24",{"date":1301,"score":1216,"percentile":1302},"2025-12-25",0.98042,{"date":1304,"score":1216,"percentile":1293},"2025-12-26",{"date":1306,"score":1216,"percentile":1307},"2025-12-27",0.98055,{"date":1309,"score":1216,"percentile":1293},"2025-12-28",{"date":1311,"score":1216,"percentile":1283},"2025-12-29",{"date":1313,"score":1216,"percentile":1302},"2025-12-30",{"date":1315,"score":1216,"percentile":1316},"2025-12-31",0.98046,{"date":1318,"score":1242,"percentile":1319},"2026-01-01",0.94313,{"date":1321,"score":1242,"percentile":1322},"2026-01-02",0.94307,{"date":1324,"score":1242,"percentile":1325},"2026-01-03",0.94304,{"date":1327,"score":1216,"percentile":1307},"2026-01-04",{"date":1329,"score":1216,"percentile":1330},"2026-01-05",0.98056,{"date":1332,"score":1216,"percentile":1307},"2026-01-06",{"date":1334,"score":1216,"percentile":1335},"2026-01-07",0.98058,{"date":1337,"score":1216,"percentile":1338},"2026-01-08",0.98059,{"date":1340,"score":1216,"percentile":1341},"2026-01-09",0.98061,{"date":1343,"score":1216,"percentile":1344},"2026-01-10",0.98062,{"date":1346,"score":1216,"percentile":1347},"2026-01-11",0.9806,{"date":1349,"score":1216,"percentile":1347},"2026-01-12",{"date":1351,"score":1216,"percentile":1344},"2026-01-13",{"date":1353,"score":1216,"percentile":1354},"2026-01-14",0.98065,{"date":1356,"score":1216,"percentile":1357},"2026-01-15",0.98066,{"date":1359,"score":1216,"percentile":1360},"2026-01-16",0.98067,{"date":1362,"score":1216,"percentile":1363},"2026-01-17",0.98069,{"date":1365,"score":1216,"percentile":1366},"2026-01-18",0.98068,{"date":1368,"score":1216,"percentile":1363},"2026-01-19",{"date":1370,"score":1216,"percentile":1371},"2026-01-20",0.9807,{"date":1373,"score":1216,"percentile":1374},"2026-01-21",0.98071,{"date":1376,"score":1216,"percentile":1377},"2026-01-22",0.98073,{"date":1379,"score":1216,"percentile":1380},"2026-01-23",0.98074,{"date":1382,"score":1216,"percentile":1383},"2026-01-24",0.98076,{"date":1385,"score":1216,"percentile":1386},"2026-01-25",0.98075,{"date":1388,"score":1216,"percentile":1389},"2026-01-26",0.98077,{"date":1391,"score":1216,"percentile":1389},"2026-01-27",{"date":1393,"score":1216,"percentile":1394},"2026-01-28",0.98078,{"date":1396,"score":1216,"percentile":1389},"2026-01-29",{"date":1398,"score":1216,"percentile":1389},"2026-01-30",{"date":1400,"score":1216,"percentile":1383},"2026-01-31",{"date":1402,"score":1242,"percentile":1403},"2026-02-01",0.94338,[1405],{"source":1117,"cvss_v2_0":1406,"cvss_v3_0":1411,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":1407,"baseSeverity":9,"vectorString":1408,"impactScore":1409,"exploitabilityScore":1410},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":1115,"baseSeverity":1412,"vectorString":1118,"impactScore":1413,"exploitabilityScore":1410},"HIGH",6,[1415,1424],{"ecosystem":9,"name":1416,"vendor":1417,"product":1418,"cpe_part":1419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1420},"Apache Tomcat Connectors","apache software foundation","apache tomcat connectors","a",[1421],{"version":1422,"is_range":1112,"range_type":1123,"version_start":1422,"version_start_type":1423,"version_end":1422,"version_end_type":1423,"fixed_in":9},"Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42","including",{"ecosystem":9,"name":1425,"vendor":1426,"product":1427,"cpe_part":1419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1428},"tomcat jk connector","apache","tomcat_jk_connector",[1429],{"version":1430,"is_range":1431,"range_type":1432,"version_start":1433,"version_start_type":1423,"version_end":1434,"version_end_type":1423,"fixed_in":9},"gte1.2.0_lte1.2.42",true,"cpe","1.2.0","1.2.42"]