[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-10072":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":39,"aliases":40,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":72,"related":73,"reserved_at":9,"published_at":82,"modified_at":83,"state":84,"summary":85,"references_raw":94,"kevs":259,"epss":260,"epss_history":263,"metrics":492,"affected":504},"CVE-2019-10072","The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-667","Improper Locking","The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.","weakness","Draft","Class",[19,31,35],{"id":20,"name":21,"techniques":22},"CAPEC-25","Forced Deadlock",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1499.004","Application or System Exploitation",[27],{"id":28,"name":29},"TA0105","Impact",[],{"id":32,"name":33,"techniques":34},"CAPEC-26","Leveraging Race Conditions",[],{"id":36,"name":37,"techniques":38},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],[],[41],"GHSA-q4hg-rmq2-52q9",[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70],{"_key":45},"SUSE-SU-2019:1866-1",{"_key":47},"SUSE-SU-2020:0029-1",{"_key":49},"SUSE-SU-2020:0226-1",{"_key":51},"SUSE-SU-2020:0632-1",{"_key":53},"UBUNTU-CVE-2019-10072",{"_key":55},"USN-4128-1",{"_key":57},"USN-4128-2",{"_key":59},"OPENSUSE-SU-2020:0038-1",{"_key":61},"OPENSUSE-SU-2024:11468-1",{"_key":63},"OPENSUSE-SU-2024:13441-1",{"_key":65},"DSA-4680-1",{"_key":67},"MGASA-2019-0260",{"_key":69},"DEBIAN-CVE-2019-10072",{"_key":71},"RHSA-2019:3929",[],[74,75,76,77,78,79,80,81],{"_key":67},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":59},{"_key":61},{"_key":63},"2019-06-21T17:56:42.000Z","2024-08-04T22:10:09.192Z","Modified",{"cisa_kev":86,"cisa_ransomware":86,"cisa_vendor":9,"epss_severity":87,"epss_score":88,"severity":89,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":84},false,"critical",0.713,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[95,102,108,112,119,123,128,134,138,142,146,151,156,160,164,168,172,177,181,185,189,194,198,202,206,210,214,218,222,226,230,234,238,242,246,250,254],{"url":96,"sources":97,"tags":99},"http://www.securityfocus.com/bid/108874",[98,92],"cve.org",[100,101],"VDB Entry","X Refsource BID",{"url":103,"sources":104,"tags":105},"https://usn.ubuntu.com/4128-1/",[98,92],[106,107],"Vendor Advisory","X Refsource UBUNTU",{"url":109,"sources":110,"tags":111},"https://usn.ubuntu.com/4128-2/",[98,92],[106,107],{"url":113,"sources":114,"tags":116},"https://access.redhat.com/errata/RHSA-2019:3929",[98,92,115],"osv_maven",[106,117,118],"X Refsource REDHAT","WEB",{"url":120,"sources":121,"tags":122},"https://access.redhat.com/errata/RHSA-2019:3931",[98,92,115],[106,117,118],{"url":124,"sources":125,"tags":126},"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html",[98,92,115],[106,127,118],"X Refsource SUSE",{"url":129,"sources":130,"tags":131},"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",[98,92,115],[132,133,118],"Mailing List","X Refsource MLIST",{"url":135,"sources":136,"tags":137},"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",[98,92,115],[132,133,118],{"url":139,"sources":140,"tags":141},"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",[98,92,115],[132,133,118],{"url":143,"sources":144,"tags":145},"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",[98,92,115],[132,133,118],{"url":147,"sources":148,"tags":149},"https://www.debian.org/security/2020/dsa-4680",[98,92,115],[106,150,118],"X Refsource DEBIAN",{"url":152,"sources":153,"tags":154},"https://www.oracle.com/security-alerts/cpuapr2020.html",[98,92,115],[155,118],"X Refsource MISC",{"url":157,"sources":158,"tags":159},"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",[98,92,115],[155,118],{"url":161,"sources":162,"tags":163},"https://www.oracle.com/security-alerts/cpujan2020.html",[98,92,115],[155,118],{"url":165,"sources":166,"tags":167},"https://www.oracle.com/security-alerts/cpuoct2020.html",[98,92,115],[155,118],{"url":169,"sources":170,"tags":171},"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E",[98,92,115],[155,118],{"url":173,"sources":174,"tags":175},"https://www.synology.com/security/advisory/Synology_SA_19_29",[98,92,115],[176,118],"X Refsource CONFIRM",{"url":178,"sources":179,"tags":180},"https://security.netapp.com/advisory/ntap-20190625-0002/",[98,92],[176],{"url":182,"sources":183,"tags":184},"https://support.f5.com/csp/article/K17321505",[98,92,115],[176,118],{"url":186,"sources":187,"tags":188},"https://www.oracle.com/security-alerts/cpuApr2021.html",[98,92,115],[155,118],{"url":190,"sources":191,"tags":192},"https://nvd.nist.gov/vuln/detail/CVE-2019-10072",[115],[193],"Advisory",{"url":195,"sources":196,"tags":197},"https://github.com/apache/tomcat/commit/0bcd69c9dd8ae0ff424f2cd46de51583510b7f35",[115],[118],{"url":199,"sources":200,"tags":201},"https://github.com/apache/tomcat/commit/7f748eb6bfaba5207c89dbd7d5adf50fae847145",[115],[118],{"url":203,"sources":204,"tags":205},"https://github.com/apache/tomcat/commit/8d14c6f21d29768a39be4b6b9517060dc6606758",[115],[118],{"url":207,"sources":208,"tags":209},"https://github.com/apache/tomcat/commit/ada725a50a60867af3422c8e612aecaeea856a9a",[115],[118],{"url":211,"sources":212,"tags":213},"https://security.netapp.com/advisory/ntap-20190625-0002",[115],[118],{"url":215,"sources":216,"tags":217},"https://tomcat.apache.org/security-8.html",[115],[118],{"url":219,"sources":220,"tags":221},"https://tomcat.apache.org/security-9.html",[115],[118],{"url":223,"sources":224,"tags":225},"https://usn.ubuntu.com/4128-1",[115],[118],{"url":227,"sources":228,"tags":229},"https://usn.ubuntu.com/4128-2",[115],[118],{"url":231,"sources":232,"tags":233},"https://web.archive.org/web/20200227033743/http://www.securityfocus.com/bid/108874",[115],[118],{"url":235,"sources":236,"tags":237},"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E",[115],[118],{"url":239,"sources":240,"tags":241},"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E",[115],[118],{"url":243,"sources":244,"tags":245},"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E",[115],[118],{"url":247,"sources":248,"tags":249},"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E",[115],[118],{"url":251,"sources":252,"tags":253},"https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E",[115],[118],{"url":255,"sources":256,"tags":257},"https://github.com/apache/tomcat",[115],[258],"PACKAGE",[],{"date":261,"score":88,"percentile":262},"2026-06-04",0.98736,[264,268,271,273,276,278,281,283,285,287,289,291,293,295,298,302,305,308,312,315,318,320,322,324,326,328,331,333,337,340,343,345,347,349,351,353,355,357,360,363,366,368,370,372,375,378,380,383,386,388,390,392,394,396,399,401,404,406,409,412,415,418,421,423,426,428,431,434,436,439,441,443,446,448,451,453,455,459,462,464,467,469,472,474,476,479,482,484,486,488],{"date":265,"score":266,"percentile":267},"2025-11-04",0.75719,0.98847,{"date":269,"score":266,"percentile":270},"2025-11-05",0.98846,{"date":272,"score":266,"percentile":270},"2025-11-06",{"date":274,"score":266,"percentile":275},"2025-11-07",0.98843,{"date":277,"score":266,"percentile":275},"2025-11-08",{"date":279,"score":266,"percentile":280},"2025-11-09",0.98844,{"date":282,"score":266,"percentile":280},"2025-11-10",{"date":284,"score":266,"percentile":275},"2025-11-11",{"date":286,"score":266,"percentile":280},"2025-11-12",{"date":288,"score":266,"percentile":280},"2025-11-13",{"date":290,"score":266,"percentile":280},"2025-11-14",{"date":292,"score":266,"percentile":275},"2025-11-15",{"date":294,"score":266,"percentile":280},"2025-11-16",{"date":296,"score":266,"percentile":297},"2025-11-17",0.98845,{"date":299,"score":300,"percentile":301},"2025-11-18",0.66248,0.98531,{"date":303,"score":300,"percentile":304},"2025-11-19",0.98532,{"date":306,"score":300,"percentile":307},"2025-11-20",0.98534,{"date":309,"score":310,"percentile":311},"2025-11-21",0.71585,0.98661,{"date":313,"score":310,"percentile":314},"2025-11-22",0.98658,{"date":316,"score":310,"percentile":317},"2025-11-23",0.98657,{"date":319,"score":310,"percentile":317},"2025-11-24",{"date":321,"score":310,"percentile":314},"2025-11-25",{"date":323,"score":310,"percentile":314},"2025-11-26",{"date":325,"score":310,"percentile":314},"2025-11-27",{"date":327,"score":310,"percentile":314},"2025-11-28",{"date":329,"score":310,"percentile":330},"2025-11-29",0.98659,{"date":332,"score":310,"percentile":330},"2025-11-30",{"date":334,"score":335,"percentile":336},"2025-12-01",0.32625,0.96709,{"date":338,"score":335,"percentile":339},"2025-12-02",0.96707,{"date":341,"score":335,"percentile":342},"2025-12-03",0.96708,{"date":344,"score":310,"percentile":311},"2025-12-04",{"date":346,"score":310,"percentile":311},"2025-12-05",{"date":348,"score":310,"percentile":311},"2025-12-06",{"date":350,"score":310,"percentile":311},"2025-12-07",{"date":352,"score":310,"percentile":311},"2025-12-08",{"date":354,"score":310,"percentile":311},"2025-12-09",{"date":356,"score":310,"percentile":311},"2025-12-10",{"date":358,"score":310,"percentile":359},"2025-12-11",0.98662,{"date":361,"score":310,"percentile":362},"2025-12-12",0.98664,{"date":364,"score":310,"percentile":365},"2025-12-13",0.98663,{"date":367,"score":310,"percentile":362},"2025-12-14",{"date":369,"score":310,"percentile":365},"2025-12-15",{"date":371,"score":310,"percentile":362},"2025-12-16",{"date":373,"score":310,"percentile":374},"2025-12-17",0.98665,{"date":376,"score":310,"percentile":377},"2025-12-18",0.98667,{"date":379,"score":310,"percentile":377},"2025-12-19",{"date":381,"score":310,"percentile":382},"2025-12-20",0.98669,{"date":384,"score":310,"percentile":385},"2025-12-21",0.98668,{"date":387,"score":310,"percentile":385},"2025-12-22",{"date":389,"score":310,"percentile":385},"2025-12-23",{"date":391,"score":310,"percentile":385},"2025-12-24",{"date":393,"score":310,"percentile":382},"2025-12-25",{"date":395,"score":310,"percentile":382},"2025-12-26",{"date":397,"score":310,"percentile":398},"2025-12-27",0.98682,{"date":400,"score":310,"percentile":382},"2025-12-28",{"date":402,"score":310,"percentile":403},"2025-12-29",0.9867,{"date":405,"score":310,"percentile":403},"2025-12-30",{"date":407,"score":310,"percentile":408},"2025-12-31",0.98671,{"date":410,"score":335,"percentile":411},"2026-01-01",0.96743,{"date":413,"score":335,"percentile":414},"2026-01-02",0.96742,{"date":416,"score":335,"percentile":417},"2026-01-03",0.9674,{"date":419,"score":310,"percentile":420},"2026-01-04",0.98672,{"date":422,"score":310,"percentile":420},"2026-01-05",{"date":424,"score":310,"percentile":425},"2026-01-06",0.98673,{"date":427,"score":310,"percentile":425},"2026-01-07",{"date":429,"score":310,"percentile":430},"2026-01-08",0.98674,{"date":432,"score":310,"percentile":433},"2026-01-09",0.98677,{"date":435,"score":310,"percentile":433},"2026-01-10",{"date":437,"score":310,"percentile":438},"2026-01-11",0.98676,{"date":440,"score":310,"percentile":438},"2026-01-12",{"date":442,"score":310,"percentile":433},"2026-01-13",{"date":444,"score":310,"percentile":445},"2026-01-14",0.9868,{"date":447,"score":310,"percentile":445},"2026-01-15",{"date":449,"score":310,"percentile":450},"2026-01-16",0.98681,{"date":452,"score":310,"percentile":450},"2026-01-17",{"date":454,"score":310,"percentile":450},"2026-01-18",{"date":456,"score":457,"percentile":458},"2026-01-19",0.72141,0.98702,{"date":460,"score":457,"percentile":461},"2026-01-20",0.98703,{"date":463,"score":457,"percentile":461},"2026-01-21",{"date":465,"score":457,"percentile":466},"2026-01-22",0.98705,{"date":468,"score":457,"percentile":466},"2026-01-23",{"date":470,"score":457,"percentile":471},"2026-01-24",0.98706,{"date":473,"score":457,"percentile":471},"2026-01-25",{"date":475,"score":457,"percentile":471},"2026-01-26",{"date":477,"score":457,"percentile":478},"2026-01-27",0.98707,{"date":480,"score":457,"percentile":481},"2026-01-28",0.98708,{"date":483,"score":457,"percentile":481},"2026-01-29",{"date":485,"score":457,"percentile":481},"2026-01-30",{"date":487,"score":457,"percentile":481},"2026-01-31",{"date":489,"score":490,"percentile":491},"2026-02-01",0.33395,0.96824,[493,502],{"source":92,"cvss_v2_0":494,"cvss_v3_0":499,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":495,"baseSeverity":9,"vectorString":496,"impactScore":497,"exploitabilityScore":498},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":90,"baseSeverity":500,"vectorString":93,"impactScore":501,"exploitabilityScore":498},"HIGH",6,{"source":115,"cvss_v2_0":9,"cvss_v3_0":503,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":90,"baseSeverity":9,"vectorString":93,"impactScore":501,"exploitabilityScore":498},[505,573],{"ecosystem":9,"name":506,"vendor":9,"product":506,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":507},"Tomcat",[508,515,519,521,523,525,527,529,531,533,535,537,539,541,543,545,547,549,551,553,555,557,559,561,563,565,567,569,571],{"version":509,"is_range":510,"range_type":511,"version_start":512,"version_start_type":513,"version_end":514,"version_end_type":513,"fixed_in":9},"gte8.5.0_lte8.5.40",true,"cpe","8.5.0","including","8.5.40",{"version":516,"is_range":510,"range_type":511,"version_start":517,"version_start_type":513,"version_end":518,"version_end_type":513,"fixed_in":9},"gte9.0.1_lte9.0.19","9.0.1","9.0.19",{"version":520,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone1",{"version":522,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone10",{"version":524,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone11",{"version":526,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone12",{"version":528,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone13",{"version":530,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone14",{"version":532,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone15",{"version":534,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone16",{"version":536,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone17",{"version":538,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone18",{"version":540,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone19",{"version":542,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone2",{"version":544,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone20",{"version":546,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone21",{"version":548,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone22",{"version":550,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone23",{"version":552,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone24",{"version":554,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone25",{"version":556,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone26",{"version":558,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone27",{"version":560,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone3",{"version":562,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone4",{"version":564,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone5",{"version":566,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone6",{"version":568,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone7",{"version":570,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone8",{"version":572,"is_range":86,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0.0:milestone9",{"ecosystem":574,"name":575,"vendor":576,"product":577,"cpe_part":9,"purl_type":578,"purl_namespace":576,"purl_name":577,"source":9,"versions":579},"Maven","org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core","maven",[580,586],{"version":581,"is_range":510,"range_type":582,"version_start":583,"version_start_type":513,"version_end":584,"version_end_type":585,"fixed_in":9},"gte9_0_0_M1_lt9_0_20","ecosystem","9.0.0.M1","9.0.20","excluding",{"version":587,"is_range":510,"range_type":582,"version_start":512,"version_start_type":513,"version_end":588,"version_end_type":585,"fixed_in":9},"gte8_5_0_lt8_5_41","8.5.41"]