{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c86f7644-ed03-5e34-b29f-26e3d873db62", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-juli", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:46059b63-5687-55bf-bcc5-c27723549979", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd1641c8-0a1c-5f76-860b-6315ca9cbecc", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8e481ce-7254-5651-9e5e-3dec5ccf21f2", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f61ed322-ba33-5cc9-8737-cc5be468a64f", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6dd7a10-dbd6-527b-b5b9-59c853da8d4a", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43c3c78e-820e-5e6c-9f1c-f5234060575d", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebb69f95-3594-5dbf-8a65-933cdc17e71b", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5682845d-0900-5b41-a270-9c844259a78c", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e31f3b57-6d4f-582c-aa7c-d038d8c26ca3", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e5aa5f4-9313-5606-be15-f18a2a4a1372", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c77f5d15-dca6-5f0a-b261-ced66c5d40fd", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b86b79ab-cb18-5f60-a35a-71f55103b5e8", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96404f5b-5bf6-51c7-b4b6-4319d88bd2d4", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fcffad3-7260-5ce5-bd95-432f36a755d9", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11729518-8428-50c9-8e9c-726439bab11e", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48408e82-0157-57ca-a2e9-81a60c57f2c8", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:819dec52-a5d6-5f78-a538-5d008c3e3939", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:846ef301-0867-5b7a-984d-8091381de0bc", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63560629-6cd6-5b35-bd21-6f141af16b96", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14698d86-dcc9-5b9d-9e80-057024b34c2b", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:897a4854-31da-5410-85e0-e2e29aaa67ab", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e42ce778-540b-5016-89d8-a7b7cb6be3f4", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca8e83ad-5c1b-5512-a3ec-7a9d9a78ffda", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b416800-c612-52ff-9628-f5c041118e05", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35fb272b-c568-54d8-aaad-5787421ce6d3", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9953f0b6-dd6b-5641-b0e9-83e2d9f2e855", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90e1efd8-04b0-525f-b7ab-f6642c727f1b", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2488ddf4-4cc5-58d5-a177-77229067c061", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b5778f8-3be4-532f-86fe-847cbed089c6", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f69f6b79-fbe8-569a-b0b5-ab876af3699f", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:832ae7ec-4ccc-5b97-b4ed-179115086107", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8696f2de-5770-5f27-b013-a5e5f1666316", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:697bb762-6d26-5c64-9707-2336b7680664", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b70d9fc-40b7-5bfc-934a-a80d93149069", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50ae7b7c-f12b-5541-b6e9-207d0aa16503", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f54209c-4d23-5ba8-934d-9722ffe15823", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85c4aa81-6381-5fc4-bf2e-a4515951d787", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c1d08e1-829e-54e0-a20f-199ecf64512e", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9473697-7ddb-5b52-95a0-ac6860076d2d", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bd542ee-9332-534d-b31f-6640e97355c7", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a6f44ea-cbd0-5eb9-8a1b-6ffbb64e27cb", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13a241d1-340e-5dee-a089-c5aef0e950c8", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4269c34-35bf-5c9f-b272-483b6a257bb3", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea600026-116c-5be3-9048-a6a00228a5ed", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae749a53-5a3a-5df0-93c0-b1c1c1976f26", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66ccb983-df56-51c6-a7cc-e60a4b895a6c", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c34d840d-9ae1-5596-a4b9-847ab3d68339", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:606afc4c-abb1-5813-ae77-a0ec0dd4ad9a", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a3caa88-c43c-5ee2-aa0e-24b8566e252c", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3af2eef4-a048-5d86-8218-a0b9d4c5278e", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c5f95c0-9d66-5ebf-84fc-14400ab18d3e", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-juli." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-juli@7.0.109-tuxcare.1" } ] }