nvd-json-data-feeds/CVE-2023/CVE-2023-456xx/CVE-2023-45648.json

{
  "id": "CVE-2023-45648",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-10-10T19:15:09.690",
  "lastModified": "2023-11-04T06:15:52.537",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\n\n"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Tomcat.Tomcat desde 11.0.0-M1 hasta 11.0.0-M11, desde 10.1.0-M1 hasta 10.1.13, desde 9.0.0-M1 hasta 9.0.81 y desde 8.5.0 hasta 8.5 .93 no analizaron correctamente los encabezados de las colas HTTP. Un encabezado de avance no v\u00e1lido y especialmente manipulado podr\u00eda hacer que Tomcat trate una sola solicitud como solicitudes m\u00faltiples, lo que genera la posibilidad de contrabando de solicitudes cuando est\u00e1 detr\u00e1s de un proxy inverso. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M12 en adelante, 10.1.14 en adelante, 9.0.81 en adelante o 8.5.94 en adelante, que solucionan el problema."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "8.5.0",
              "versionEndExcluding": "8.5.94",
              "matchCriteriaId": "FE1F7111-22BD-489A-B2C9-E67E0D601824"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "9.0.1",
              "versionEndExcluding": "9.0.81",
              "matchCriteriaId": "37FCE624-DD65-4AC5-A602-BB66E0E54CFC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "10.1.1",
              "versionEndExcluding": "10.1.14",
              "matchCriteriaId": "0995DE67-7E3B-4CFE-AB96-E2243F994755"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
              "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
              "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
              "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
              "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
              "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
              "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
              "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
              "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
              "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
              "matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
              "matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
              "matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
              "matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
              "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
              "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
              "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
              "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
              "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*",
              "matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*",
              "matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*",
              "matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*",
              "matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*",
              "matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*",
              "matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*",
              "matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*",
              "matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*",
              "matchCriteriaId": "2DCE3576-86BC-4BB8-A5FB-1274744DFD7F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*",
              "matchCriteriaId": "5571F54A-2EAC-41B6-BDA9-7D33CFE97F70"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*",
              "matchCriteriaId": "ED30E850-C475-4133-BDE3-74CB3768D787"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
              "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
              "matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://security.netapp.com/advisory/ntap-20231103-0007/",
      "source": "security@apache.org"
    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5521",
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5522",
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`{`
			`"id": "CVE-2023-45648",`
			`"sourceIdentifier": "security@apache.org",`
			`"published": "2023-10-10T19:15:09.690",`
Auto-Update: 2023-11-04T07:00:20.703888+00:00 2023-11-04 07:00:24 +00:00			`"lastModified": "2023-11-04T06:15:52.537",`
			`"vulnStatus": "Modified",`
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\n\n"
Auto-Update: 2023-10-13T18:00:24.495400+00:00 2023-10-13 18:00:28 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Tomcat.Tomcat desde 11.0.0-M1 hasta 11.0.0-M11, desde 10.1.0-M1 hasta 10.1.13, desde 9.0.0-M1 hasta 9.0.81 y desde 8.5.0 hasta 8.5 .93 no analizaron correctamente los encabezados de las colas HTTP. Un encabezado de avance no v\u00e1lido y especialmente manipulado podr\u00eda hacer que Tomcat trate una sola solicitud como solicitudes m\u00faltiples, lo que genera la posibilidad de contrabando de solicitudes cuando est\u00e1 detr\u00e1s de un proxy inverso. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M12 en adelante, 10.1.14 en adelante, 9.0.81 en adelante o 8.5.94 en adelante, que solucionan el problema."
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`}`
			`],`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 1.4`
			`}`
			`]`
			`},`
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`"weaknesses": [`
			`{`
Auto-Update: 2023-11-04T07:00:20.703888+00:00 2023-11-04 07:00:24 +00:00			`"source": "security@apache.org",`
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`"type": "Primary",`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`"description": [`
			`{`
			`"lang": "en",`
Auto-Update: 2023-11-04T07:00:20.703888+00:00 2023-11-04 07:00:24 +00:00			`"value": "CWE-20"`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`}`
			`]`
			`},`
			`{`
Auto-Update: 2023-11-04T07:00:20.703888+00:00 2023-11-04 07:00:24 +00:00			`"source": "nvd@nist.gov",`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`"type": "Secondary",`
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`"description": [`
			`{`
			`"lang": "en",`
Auto-Update: 2023-11-04T07:00:20.703888+00:00 2023-11-04 07:00:24 +00:00			`"value": "NVD-CWE-Other"`
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat::::::::",`
			`"versionStartIncluding": "8.5.0",`
			`"versionEndExcluding": "8.5.94",`
			`"matchCriteriaId": "FE1F7111-22BD-489A-B2C9-E67E0D601824"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat::::::::",`
			`"versionStartIncluding": "9.0.1",`
			`"versionEndExcluding": "9.0.81",`
			`"matchCriteriaId": "37FCE624-DD65-4AC5-A602-BB66E0E54CFC"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat::::::::",`
			`"versionStartIncluding": "10.1.1",`
			`"versionEndExcluding": "10.1.14",`
			`"matchCriteriaId": "0995DE67-7E3B-4CFE-AB96-E2243F994755"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::",`
			`"matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::",`
			`"matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::",`
			`"matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::",`
			`"matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::",`
			`"matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::",`
			`"matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::",`
			`"matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::",`
			`"matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::",`
			`"matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18::::::",`
			`"matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19::::::",`
			`"matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::",`
			`"matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20::::::",`
			`"matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21::::::",`
			`"matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22::::::",`
			`"matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23::::::",`
			`"matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24::::::",`
			`"matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25::::::",`
			`"matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26::::::",`
			`"matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27::::::",`
			`"matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::",`
			`"matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::",`
			`"matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::",`
			`"matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::",`
			`"matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::",`
			`"matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::",`
			`"matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::",`
			`"matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1::::::",`
			`"matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10::::::",`
			`"matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11::::::",`
			`"matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12::::::",`
			`"matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13::::::",`
			`"matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14::::::",`
			`"matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15::::::",`
			`"matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16::::::",`
			`"matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17::::::",`
			`"matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone18::::::",`
			`"matchCriteriaId": "2DCE3576-86BC-4BB8-A5FB-1274744DFD7F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone19::::::",`
			`"matchCriteriaId": "5571F54A-2EAC-41B6-BDA9-7D33CFE97F70"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2::::::",`
			`"matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone20::::::",`
			`"matchCriteriaId": "ED30E850-C475-4133-BDE3-74CB3768D787"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3::::::",`
			`"matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4::::::",`
			`"matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5::::::",`
			`"matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6::::::",`
			`"matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7::::::",`
			`"matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8::::::",`
			`"matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9::::::",`
			`"matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::",`
			`"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10::::::",`
			`"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11::::::",`
			`"matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2::::::",`
			`"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3::::::",`
			`"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4::::::",`
			`"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5::::::",`
			`"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6::::::",`
			`"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7::::::",`
			`"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8::::::",`
			`"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9::::::",`
			`"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:debian:debian_linux:10.0:::::::*",`
			`"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:debian:debian_linux:11.0:::::::*",`
			`"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:debian:debian_linux:12.0:::::::*",`
			`"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`"references": [`
Auto-Update: 2023-10-10T22:00:25.045996+00:00 2023-10-10 22:00:28 +00:00			`{`
			`"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10",`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`"source": "security@apache.org",`
			`"tags": [`
			`"Mailing List",`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-10-10T22:00:25.045996+00:00 2023-10-10 22:00:28 +00:00			`},`
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`{`
			`"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`"source": "security@apache.org",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-10-11T08:00:26.208607+00:00 2023-10-11 08:00:29 +00:00			`},`
Auto-Update: 2023-10-13T18:00:24.495400+00:00 2023-10-13 18:00:28 +00:00			`{`
			`"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`"source": "security@apache.org",`
			`"tags": [`
			`"Mailing List",`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-10-13T18:00:24.495400+00:00 2023-10-13 18:00:28 +00:00			`},`
Auto-Update: 2023-11-04T07:00:20.703888+00:00 2023-11-04 07:00:24 +00:00			`{`
			`"url": "https://security.netapp.com/advisory/ntap-20231103-0007/",`
			`"source": "security@apache.org"`
			`},`
Auto-Update: 2023-10-11T08:00:26.208607+00:00 2023-10-11 08:00:29 +00:00			`{`
			`"url": "https://www.debian.org/security/2023/dsa-5521",`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`"source": "security@apache.org",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-10-11T08:00:26.208607+00:00 2023-10-11 08:00:29 +00:00			`},`
			`{`
			`"url": "https://www.debian.org/security/2023/dsa-5522",`
Auto-Update: 2023-10-16T16:00:24.520468+00:00 2023-10-16 16:00:28 +00:00			`"source": "security@apache.org",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-10-10T20:00:25.815099+00:00 2023-10-10 20:00:29 +00:00			`}`
			`]`
			`}`