{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:56ea7464-4c04-5ade-8c32-59277d4db588", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-util", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e27d247a-611e-58a1-a31e-77d3b64dc8c8", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7345b53-5f08-58e9-8206-ea4decb4ab49", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee07b444-a7f6-5781-a254-f41bed26dea1", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10964875-353e-55be-9360-82220dce736b", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:073cfe7e-1e3b-5707-aed2-acb29e16cf17", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fba79bfe-5483-5371-a854-9146da94817e", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b57a510-69d3-5fd3-a11f-c2afb5295df0", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6466547-ba79-5ad0-a613-fe4ad78f7a6f", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b825b2cd-fd68-5c29-a36c-ed8ea87221b2", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:763945d3-1224-5d63-87e4-45da037ca342", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6051bdeb-0d79-5a85-899a-b8904aa3152e", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d6559b1-e573-5f10-879f-222abff951a0", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:693252d9-fd1d-5e92-ba88-ae7732eab07c", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a93c154d-72f7-5d1f-8704-0d976603c91c", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b75a0e9a-eaeb-5a88-9790-94cb48ce294b", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7aad6b89-c048-5a10-be5c-2ffc00d25ba3", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2fb5d07-c776-5131-be3f-d6f819d7028b", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba2008d7-769b-5c14-9bd7-e0a1f7092164", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe87b88f-a696-58c4-bc0f-37a5efb91948", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18e591ba-8bc0-59de-8c72-68e4799104af", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e39b66f-7952-509b-a035-c979a1f43ba1", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a670997e-a7c1-5162-9810-a30d80e84e9e", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57433947-29e2-5c6c-805d-3f8e5c333cb8", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f57a343f-8d5d-5ccb-a5aa-21e2d82b6f6d", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a4b7c7e-b05a-5c11-9567-5fdb6be095fd", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:161eedd9-287b-5f67-95a1-610b84fd9b72", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:370b6661-6d48-5eff-b0af-9c0db24d8d5c", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef0038f5-da99-5f85-b6b9-0a0a5759df64", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bb00a99-8dd5-588f-9183-976f8efc0006", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf734637-403e-5bcc-92be-931a2c632831", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89e501b6-3041-568a-9990-bc17884be912", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82819a4f-1d2c-5fcb-9f1c-b81fe3c71777", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62adf8f1-1d6f-597e-bc0e-bebae7a00496", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78fb0e1b-44a2-5133-875f-0480bb558eb3", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54929f1e-5b3b-59cc-8f61-f8e42744d0e9", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6293f12-8ddb-5c79-bcfe-1c0c49178af3", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1829e793-5c36-5455-9dce-4a5f137938c7", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd79c195-10b1-5b68-963e-b25f7a96098d", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b8c373d-5574-5b35-a940-cd2b443d9350", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d6c5e5e-9def-5c4e-86c6-d4b2c2c793d3", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c38d724b-e27e-5447-82a7-42234e9dbaf1", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8fe6f4a-d144-56ea-9719-cf82f8664695", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24e3ecc5-3cba-5b4e-a2af-bddf2bc61d27", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2afb1cc1-d7e6-598f-8014-c10a71439be0", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90a0f9b8-666c-5d1b-af9f-3c4282db5f66", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b829e644-8b82-5501-9eee-18715a1b8c7a", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3daf5e6-f757-5972-a691-cc113518fe92", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bcdd808-fdd5-59f6-9b98-ef0b3a0ea4b1", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c86e70f-a4e7-5cae-b9d3-a29389dad262", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05aaba16-43c6-589d-a13e-27c7a47700f3", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:308c6873-aa71-5b21-804d-a141d33ca915", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@7.0.109-tuxcare.1" } ] }