[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-42252":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":61,"related":62,"reserved_at":9,"published_at":71,"modified_at":72,"state":73,"summary":74,"references_raw":83,"kevs":135,"epss":136,"epss_history":139,"metrics":412,"affected":422},"CVE-2022-42252","If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[29,30],"GHSA-p22x-g9px-3945","BIT-tomcat-2022-42252",[],[33,35,37,39,41,43,45,47,49,51,53,55,57,59],{"_key":34},"SUSE-SU-2022:4193-1",{"_key":36},"SUSE-SU-2022:4221-1",{"_key":38},"SUSE-SU-2022:4257-1",{"_key":40},"SUSE-SU-2022:4303-1",{"_key":42},"OPENSUSE-SU-2024:12534-1",{"_key":44},"OPENSUSE-SU-2024:13441-1",{"_key":46},"DLA-3384-1",{"_key":48},"DSA-5381-1",{"_key":50},"RHSA-2023:1663",{"_key":52},"SUSE-SU-2026:1058-1",{"_key":54},"MGASA-2023-0138",{"_key":56},"USN-6880-1",{"_key":58},"DEBIAN-CVE-2022-42252",{"_key":60},"UBUNTU-CVE-2022-42252",[],[63,64,65,66,67,68,69,70],{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":52},{"_key":54},"2022-11-01T00:00:00.000Z","2025-05-06T15:09:20.374Z","Modified",{"cisa_kev":75,"cisa_ransomware":75,"cisa_vendor":9,"epss_severity":76,"epss_score":77,"severity":78,"severity_score":79,"severity_version":80,"severity_source":81,"severity_vector":82,"severity_status":73},false,"low",0.0029,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[84,93,97,102,106,110,114,118,123,127,131],{"url":85,"sources":86,"tags":89},"https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq",[81,87,88],"nvd","osv_maven",[90,91,92],"Mailing List","Vendor Advisory","WEB",{"url":94,"sources":95,"tags":96},"https://security.gentoo.org/glsa/202305-37",[81,87,88],[92],{"url":98,"sources":99,"tags":100},"https://nvd.nist.gov/vuln/detail/CVE-2022-42252",[88],[101],"Advisory",{"url":103,"sources":104,"tags":105},"https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920",[88],[92],{"url":107,"sources":108,"tags":109},"https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77",[88],[92],{"url":111,"sources":112,"tags":113},"https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a",[88],[92],{"url":115,"sources":116,"tags":117},"https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3",[88],[92],{"url":119,"sources":120,"tags":121},"https://github.com/apache/tomcat",[88],[122],"PACKAGE",{"url":124,"sources":125,"tags":126},"https://tomcat.apache.org/security-10.html",[88],[92],{"url":128,"sources":129,"tags":130},"https://tomcat.apache.org/security-8.html",[88],[92],{"url":132,"sources":133,"tags":134},"https://tomcat.apache.org/security-9.html",[88],[92],[],{"date":137,"score":77,"percentile":138},"2026-06-04",0.52634,[140,144,147,150,153,156,159,162,164,167,170,173,176,179,182,186,189,192,196,199,202,205,208,211,213,216,219,222,226,229,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,287,290,294,297,300,303,306,309,312,315,319,322,325,327,330,333,336,339,342,345,349,352,355,358,361,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409],{"date":141,"score":142,"percentile":143},"2025-11-04",0.00146,0.35552,{"date":145,"score":142,"percentile":146},"2025-11-05",0.3554,{"date":148,"score":142,"percentile":149},"2025-11-06",0.35536,{"date":151,"score":142,"percentile":152},"2025-11-07",0.3556,{"date":154,"score":142,"percentile":155},"2025-11-08",0.35551,{"date":157,"score":142,"percentile":158},"2025-11-09",0.35538,{"date":160,"score":142,"percentile":161},"2025-11-10",0.35508,{"date":163,"score":142,"percentile":149},"2025-11-11",{"date":165,"score":142,"percentile":166},"2025-11-12",0.35576,{"date":168,"score":142,"percentile":169},"2025-11-13",0.3559,{"date":171,"score":142,"percentile":172},"2025-11-14",0.35594,{"date":174,"score":142,"percentile":175},"2025-11-15",0.35593,{"date":177,"score":142,"percentile":178},"2025-11-16",0.35572,{"date":180,"score":142,"percentile":181},"2025-11-17",0.35546,{"date":183,"score":184,"percentile":185},"2025-11-18",0.09905,0.92213,{"date":187,"score":184,"percentile":188},"2025-11-19",0.92216,{"date":190,"score":184,"percentile":191},"2025-11-20",0.92221,{"date":193,"score":194,"percentile":195},"2025-11-21",0.00169,0.38615,{"date":197,"score":194,"percentile":198},"2025-11-22",0.38618,{"date":200,"score":194,"percentile":201},"2025-11-23",0.38584,{"date":203,"score":194,"percentile":204},"2025-11-24",0.38575,{"date":206,"score":194,"percentile":207},"2025-11-25",0.38587,{"date":209,"score":194,"percentile":210},"2025-11-26",0.38581,{"date":212,"score":194,"percentile":207},"2025-11-27",{"date":214,"score":194,"percentile":215},"2025-11-28",0.38561,{"date":217,"score":194,"percentile":218},"2025-11-29",0.38535,{"date":220,"score":194,"percentile":221},"2025-11-30",0.38519,{"date":223,"score":224,"percentile":225},"2025-12-01",0.00151,0.36268,{"date":227,"score":224,"percentile":228},"2025-12-02",0.36274,{"date":230,"score":224,"percentile":228},"2025-12-03",{"date":232,"score":194,"percentile":233},"2025-12-04",0.38514,{"date":235,"score":194,"percentile":236},"2025-12-05",0.38547,{"date":238,"score":194,"percentile":239},"2025-12-06",0.38546,{"date":241,"score":194,"percentile":242},"2025-12-07",0.38525,{"date":244,"score":194,"percentile":245},"2025-12-08",0.38539,{"date":247,"score":194,"percentile":248},"2025-12-09",0.38579,{"date":250,"score":194,"percentile":251},"2025-12-10",0.38639,{"date":253,"score":194,"percentile":254},"2025-12-11",0.38668,{"date":256,"score":194,"percentile":257},"2025-12-12",0.38702,{"date":259,"score":194,"percentile":260},"2025-12-13",0.38677,{"date":262,"score":194,"percentile":263},"2025-12-14",0.3864,{"date":265,"score":194,"percentile":266},"2025-12-15",0.38614,{"date":268,"score":194,"percentile":269},"2025-12-16",0.38647,{"date":271,"score":194,"percentile":272},"2025-12-17",0.3869,{"date":274,"score":194,"percentile":275},"2025-12-18",0.3874,{"date":277,"score":194,"percentile":278},"2025-12-19",0.38761,{"date":280,"score":194,"percentile":281},"2025-12-20",0.38741,{"date":283,"score":194,"percentile":284},"2025-12-21",0.38694,{"date":286,"score":194,"percentile":254},"2025-12-22",{"date":288,"score":194,"percentile":289},"2025-12-23",0.38671,{"date":291,"score":292,"percentile":293},"2025-12-24",0.00184,0.40471,{"date":295,"score":292,"percentile":296},"2025-12-25",0.40522,{"date":298,"score":292,"percentile":299},"2025-12-26",0.40501,{"date":301,"score":292,"percentile":302},"2025-12-27",0.40526,{"date":304,"score":292,"percentile":305},"2025-12-28",0.40421,{"date":307,"score":292,"percentile":308},"2025-12-29",0.40395,{"date":310,"score":292,"percentile":311},"2025-12-30",0.40386,{"date":313,"score":292,"percentile":314},"2025-12-31",0.40434,{"date":316,"score":317,"percentile":318},"2026-01-01",0.00164,0.38051,{"date":320,"score":317,"percentile":321},"2026-01-02",0.38024,{"date":323,"score":317,"percentile":324},"2026-01-03",0.38014,{"date":326,"score":292,"percentile":308},"2026-01-04",{"date":328,"score":292,"percentile":329},"2026-01-05",0.40367,{"date":331,"score":292,"percentile":332},"2026-01-06",0.40371,{"date":334,"score":292,"percentile":335},"2026-01-07",0.40392,{"date":337,"score":292,"percentile":338},"2026-01-08",0.4042,{"date":340,"score":292,"percentile":341},"2026-01-09",0.40405,{"date":343,"score":292,"percentile":344},"2026-01-10",0.40406,{"date":346,"score":347,"percentile":348},"2026-01-11",0.00157,0.37073,{"date":350,"score":347,"percentile":351},"2026-01-12",0.37025,{"date":353,"score":347,"percentile":354},"2026-01-13",0.37001,{"date":356,"score":347,"percentile":357},"2026-01-14",0.3705,{"date":359,"score":347,"percentile":360},"2026-01-15",0.37037,{"date":362,"score":347,"percentile":363},"2026-01-16",0.37059,{"date":365,"score":347,"percentile":366},"2026-01-17",0.37038,{"date":368,"score":347,"percentile":369},"2026-01-18",0.3698,{"date":371,"score":347,"percentile":372},"2026-01-19",0.36927,{"date":374,"score":347,"percentile":375},"2026-01-20",0.36907,{"date":377,"score":347,"percentile":378},"2026-01-21",0.36885,{"date":380,"score":347,"percentile":381},"2026-01-22",0.36868,{"date":383,"score":347,"percentile":384},"2026-01-23",0.36928,{"date":386,"score":347,"percentile":387},"2026-01-24",0.36934,{"date":389,"score":347,"percentile":390},"2026-01-25",0.36875,{"date":392,"score":347,"percentile":393},"2026-01-26",0.36807,{"date":395,"score":347,"percentile":396},"2026-01-27",0.36804,{"date":398,"score":347,"percentile":399},"2026-01-28",0.36789,{"date":401,"score":347,"percentile":402},"2026-01-29",0.36762,{"date":404,"score":347,"percentile":405},"2026-01-30",0.36763,{"date":407,"score":347,"percentile":408},"2026-01-31",0.36766,{"date":410,"score":317,"percentile":411},"2026-02-01",0.37664,[413,418,420],{"source":81,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":414,"cvss_v4_0":9},{"baseScore":79,"baseSeverity":415,"vectorString":82,"impactScore":416,"exploitabilityScore":417},"HIGH",6,10,{"source":87,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":419,"cvss_v4_0":9},{"baseScore":79,"baseSeverity":415,"vectorString":82,"impactScore":416,"exploitabilityScore":417},{"source":88,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":421,"cvss_v4_0":9},{"baseScore":79,"baseSeverity":9,"vectorString":82,"impactScore":416,"exploitabilityScore":417},[423,447,466,480],{"ecosystem":9,"name":424,"vendor":425,"product":426,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"Apache Tomcat","apache software foundation","apache tomcat","a",[429,435,439,443],{"version":430,"is_range":431,"range_type":81,"version_start":432,"version_start_type":433,"version_end":434,"version_end_type":433,"fixed_in":9},">= 10.1.0-M1, \u003C= 10.1.0",true,"10.1.0-M1","including","10.1.0",{"version":436,"is_range":431,"range_type":81,"version_start":437,"version_start_type":433,"version_end":438,"version_end_type":433,"fixed_in":9},">= 10.0.0-M1, \u003C= 10.0.26","10.0.0-M1","10.0.26",{"version":440,"is_range":431,"range_type":81,"version_start":441,"version_start_type":433,"version_end":442,"version_end_type":433,"fixed_in":9},">= 9.0.0-M1, \u003C= 9.0.67","9.0.0-M1","9.0.67",{"version":444,"is_range":431,"range_type":81,"version_start":445,"version_start_type":433,"version_end":446,"version_end_type":433,"fixed_in":9},">= 8.5.0, \u003C= 8.5.82","8.5.0","8.5.82",{"ecosystem":9,"name":448,"vendor":9,"product":448,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":449},"Tomcat",[450,455,459,463],{"version":451,"is_range":431,"range_type":452,"version_start":445,"version_start_type":433,"version_end":453,"version_end_type":454,"fixed_in":9},"gte8.5.0_lt8.5.83","cpe","8.5.83","excluding",{"version":456,"is_range":431,"range_type":452,"version_start":457,"version_start_type":433,"version_end":458,"version_end_type":454,"fixed_in":9},"gte9.0.0_lt9.0.68","9.0.0","9.0.68",{"version":460,"is_range":431,"range_type":452,"version_start":461,"version_start_type":433,"version_end":462,"version_end_type":454,"fixed_in":9},"gte10.0.0_lt10.0.27","10.0.0","10.0.27",{"version":464,"is_range":431,"range_type":452,"version_start":434,"version_start_type":433,"version_end":465,"version_end_type":454,"fixed_in":9},"gte10.1.0_lt10.1.1","10.1.1",{"ecosystem":467,"name":468,"vendor":469,"product":470,"cpe_part":9,"purl_type":471,"purl_namespace":469,"purl_name":470,"source":9,"versions":472},"Maven","org.apache.tomcat:tomcat-coyote","org.apache.tomcat","tomcat-coyote","maven",[473,476,478],{"version":474,"is_range":431,"range_type":475,"version_start":441,"version_start_type":433,"version_end":458,"version_end_type":454,"fixed_in":9},"gte9_0_0_M1_lt9_0_68","ecosystem",{"version":477,"is_range":431,"range_type":475,"version_start":437,"version_start_type":433,"version_end":462,"version_end_type":454,"fixed_in":9},"gte10_0_0_M1_lt10_0_27",{"version":479,"is_range":431,"range_type":475,"version_start":432,"version_start_type":433,"version_end":465,"version_end_type":454,"fixed_in":9},"gte10_1_0_M1_lt10_1_1",{"ecosystem":467,"name":481,"vendor":482,"product":483,"cpe_part":9,"purl_type":471,"purl_namespace":482,"purl_name":483,"source":9,"versions":484},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[485,487,488,489],{"version":486,"is_range":431,"range_type":475,"version_start":445,"version_start_type":433,"version_end":453,"version_end_type":454,"fixed_in":9},"gte8_5_0_lt8_5_83",{"version":474,"is_range":431,"range_type":475,"version_start":441,"version_start_type":433,"version_end":458,"version_end_type":454,"fixed_in":9},{"version":477,"is_range":431,"range_type":475,"version_start":437,"version_start_type":433,"version_end":462,"version_end_type":454,"fixed_in":9},{"version":479,"is_range":431,"range_type":475,"version_start":432,"version_start_type":433,"version_end":465,"version_end_type":454,"fixed_in":9}]