{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:210b70fe-b019-586c-95d3-7d279647b968", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-catalina", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cf32f871-d4f8-52e7-a2e6-300269eee5c5", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51ee9465-04b8-57e0-95c2-4dc1318d2544", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:774e9972-0f1c-5882-b928-16bfabe45e07", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a974295f-2869-5af0-bbc4-42fe7301bd25", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3add2dc-9ea8-5c02-b885-5bde4c68fcb9", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa9f2af1-c5ed-5b7c-b48b-6263cc820f62", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd8ccba9-b052-504b-a03c-d1a46a8a47d0", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:579f4857-9e17-59e2-81e9-b960802c8529", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4fa542cf-46c0-57d6-9a5a-dd91198e472c", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b952085e-01d3-57fe-a231-231916ea91cf", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bebd7c88-5385-5e6f-90a7-e113d306beb9", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d5dd391-b7c8-51d6-852c-8921eeff7821", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:390a8fd2-b71c-5717-a860-7e94f95c8576", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5704c0e6-c075-5b8f-981b-419434e9736d", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2709f83b-6fa0-588c-a37f-7a7af9f981b8", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3dbdf45-4a22-53c6-9677-07421b57c408", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1413031b-0add-52da-a4be-86942bbc15e3", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17ab3534-d134-560f-b522-f7d24ec14b00", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e9406b8-a289-5291-98d4-ee72fd8c5c4a", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58d9d75d-8c91-5477-be96-0d318565fbff", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b3a7d9b-d2a7-52d7-a1cc-de3e134dffbf", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba4227c6-cdda-5a43-945d-17bf28dcc900", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10f2ba4e-1fb5-5d29-8399-3885763c5267", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f3037fa-ab47-5b57-a904-56e95f550ab3", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f2db920-8c66-5d54-a4d8-be3f74d09938", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e84b70e-eb80-5ea5-85bc-fb7d44dc1b54", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a74ac37d-f287-5045-a498-bee2913a95ae", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4381e5e-67e5-5a90-82bb-3b75cb997bb2", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1249e30-0658-5a6c-a6c7-eb1a9de645f3", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da58edf7-9966-5a5e-a847-4744f589091e", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c181ff51-887d-5d4f-bb92-c3827ecfa778", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e6d52fa-a7af-54bd-a282-fd742c53d951", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05989855-fa26-52ee-b3f3-fab29a1d03cb", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1d73fbc-2b90-50e7-9937-a77b3b4d9ce3", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60cd068e-675c-5442-83d4-ffe962ac3fdf", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b33b5ad6-d42e-5bf3-b65f-373406f543b2", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fab6abbf-dd55-5aa0-9744-44ba6ce814db", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3218b7e2-ff6b-51a4-813c-a3cbd7ae311c", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1129505-92e5-5591-8486-64efd0ae622c", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02cf3766-8471-5cb9-91fa-60fc8bad961b", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1e9b49f-d1dc-5709-95c3-10f13f7644ff", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07c89af5-417b-5b23-a9de-a9bef2fcab35", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5689b7e1-1401-58cc-abdb-9ea3b9d9a8ad", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14c14ece-c287-5dce-af93-121c4bc75786", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0d09929-b85b-50b8-87c3-99f62984c946", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0d3e8f3-4faf-5a7c-946f-b8f6ad0fbbe7", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5ecf9d8-30d9-5e23-9ff8-42e0428f3b17", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f9d0858-7e37-514e-9c8d-664adb6ff8e4", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13cd6949-86f6-526f-8559-4bc99852af60", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e18163db-e74b-5ba0-a489-98f5753c477e", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71d0044b-3ee6-5960-98ed-d93b75b00c0c", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-catalina." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.109-tuxcare.1" } ] }