{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9f8f9406-214c-54f6-bbf4-e53e954e2ebe", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jasper", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a6b7ef5d-9197-5db8-a93c-c5895b4f7238", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9abff2d-e38c-5fb0-a4aa-c627a3be3b45", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:820b08b4-2a7e-52d1-b8c0-887fbcda2e2d", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce334768-ea52-5ae4-ae3f-fad88b73971a", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e0335ff-66b3-5d2b-819c-4497f9a0a0b6", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5a59091-9861-50f9-882e-1f9d83fa51e7", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d71aad75-8d6f-57bf-97d0-832d4b0ed348", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4f8e6e8-e714-5467-be69-479de05a93b2", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f477b70-226a-5c83-a7d2-fa57a069ebd1", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe3e13e0-51c5-59eb-af13-97f4050d7440", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f11bbc2-7cf7-5b80-a814-ea4deeaf4bca", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea401cad-44ab-5173-9de3-4353432f560f", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7671038d-048e-502c-b8e1-c720853a58cf", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07891dd1-144c-59bf-b2ef-f76e308a3cbe", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e4c7ee9-e658-5169-a3eb-1fdbcdd2ffdf", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5dace759-4e2e-58fa-b96b-a0d96bc187f2", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e053f57-9e0d-5f10-9f4b-c488e2e04177", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5c09791-f968-51fe-b8da-a064c81a1f45", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e19728d-12d6-578b-bb29-6da9453eb760", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1edfbad0-a8da-5839-a216-e66fdd5e3608", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:314daa02-b6e2-56a9-b42e-8b392fcd594b", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bbcad049-5ff9-52a0-b3ca-6c363f25a9f4", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e33146fd-20fb-5999-b82e-af51216f3c1e", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:682042d4-aa6e-5f13-a7de-869ef80370b8", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04318f63-4053-5c89-84d8-0d8ccb67a2ee", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6568a020-29d9-510b-871b-6cdb9c4a98e9", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6c52b46-3cfe-5c03-a973-52aaae9a37d5", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3100a6b-8003-5079-9ebf-f77e65be48d3", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a5265fc1-ff3a-5b33-943d-2b844a74fe3f", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d1f6ecc-d7e8-51dd-9bf1-49b6f642584d", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1639b232-e812-5226-b856-a20e82acbf16", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9aa74d14-6b45-547a-b6bc-ece65ef1e62c", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:160b3634-0af9-5155-9dc6-0b9907781319", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c55862d-7496-51bd-9f3a-83a67b3d9979", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f6fbfe0-c3d2-525e-920f-3b933a2e7ac6", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c2b0852-7233-55b9-9415-bf97de54246d", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c038ae2b-af13-57f5-8e43-8a8460c48256", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19aed9ea-66d8-5781-8606-4481caf16d37", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d73fda6b-2733-54b9-ba8b-05e19ad01668", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a4e161c-ffdb-5b69-a8bf-5653cac2f268", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc374aee-94df-59e2-b0c6-65b035c2fd42", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c38f7c9-f942-5543-87ea-a0ceb857383f", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4d6ee47-869f-516f-b06f-6f415abda2d8", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5f69fb6-0350-553f-b7fb-3da2aceca43d", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f08c616-4f95-58c6-a854-1d0ea7918dc3", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc1c8edc-9b54-59a1-bf34-e15d894d00f3", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:395b4bc2-5a90-5329-9242-68943c08d340", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4f808d7-2ca1-5e00-a48e-cd0404a86aff", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aeb3db05-dc83-5b9d-97f0-ad46679e8853", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91a39a78-c300-5110-b706-2c6058df0d8b", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df9ab586-1fa4-5f2d-a300-06d5f9aa5d88", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper@7.0.109-tuxcare.1" } ] }