diff --git a/vulnerabilities/importers/apache_tomcat.py b/vulnerabilities/importers/apache_tomcat.py index 9d371ee7d..83f4384ba 100644 --- a/vulnerabilities/importers/apache_tomcat.py +++ b/vulnerabilities/importers/apache_tomcat.py @@ -16,10 +16,8 @@ from bs4 import BeautifulSoup from packageurl import PackageURL from univers.version_constraint import VersionConstraint -from univers.version_range import ApacheVersionRange from univers.version_range import MavenVersionRange from univers.versions import MavenVersion -from univers.versions import SemverVersion from vulnerabilities.importer import AdvisoryData from vulnerabilities.importer import AffectedPackage @@ -313,11 +311,6 @@ def generate_advisory_data_objects(url, tomcat_advisory_data_object): else: pass - affected_version_range_apache = to_version_ranges_apache( - affected_versions, - fixed_versions, - ) - affected_version_range_maven = to_version_ranges_maven( affected_versions, fixed_versions, @@ -336,16 +329,6 @@ def generate_advisory_data_objects(url, tomcat_advisory_data_object): affected_packages = [] - affected_packages.append( - AffectedPackage( - package=PackageURL( - type="apache", - name="tomcat", - ), - affected_version_range=affected_version_range_apache, - ) - ) - affected_packages.append( AffectedPackage( package=PackageURL( 
@@ -366,79 +349,6 @@ def generate_advisory_data_objects(url, tomcat_advisory_data_object): ) -def to_version_ranges_apache(versions_data, fixed_versions): - constraints = [] - - VersionConstraintTuple = namedtuple("VersionConstraintTuple", ["comparator", "version"]) - affected_constraint_tuple_list = [] - fixed_constraint_tuple_list = [] - - for version_item in versions_data: - version_item = version_item.strip() - if "to" in version_item: - version_item_split = version_item.split(" ") - affected_constraint_tuple_list.append( - VersionConstraintTuple(">=", version_item_split[0]) - ) - affected_constraint_tuple_list.append( - VersionConstraintTuple("<=", version_item_split[-1]) - ) - - elif "-" in version_item: - version_item_split = version_item.split("-") - affected_constraint_tuple_list.append( - VersionConstraintTuple(">=", version_item_split[0]) - ) - affected_constraint_tuple_list.append( - VersionConstraintTuple("<=", version_item_split[-1]) - ) - - elif version_item.startswith("<"): - version_item_split = version_item.split("<") - affected_constraint_tuple_list.append( - VersionConstraintTuple("<", version_item_split[-1]) - ) - - else: - version_item_split = version_item.split(" ") - affected_constraint_tuple_list.append( - VersionConstraintTuple("=", version_item_split[0]) - ) - - for fixed_item in fixed_versions: - - if "-" in fixed_item and not any([i.isalpha() for i in fixed_item]): - fixed_item_split = fixed_item.split(" ") - fixed_constraint_tuple_list.append(VersionConstraintTuple(">=", fixed_item_split[0])) - fixed_constraint_tuple_list.append(VersionConstraintTuple("<=", fixed_item_split[-1])) - - else: - fixed_item_split = fixed_item.split(" ") - fixed_constraint_tuple_list.append(VersionConstraintTuple("=", fixed_item_split[0])) - - for record in affected_constraint_tuple_list: - try: - constraints.append( - VersionConstraint( - comparator=record.comparator, - version=SemverVersion(record.version), - ) - ) - except Exception as e: - 
LOGGER.error(f"{record.version!r} is not a valid SemverVersion {e!r}") - continue - - for record in fixed_constraint_tuple_list: - constraints.append( - VersionConstraint( - comparator=record.comparator, - version=SemverVersion(record.version), - ).invert() - ) - - return ApacheVersionRange(constraints=constraints) - - def to_version_ranges_maven(versions_data, fixed_versions): constraints = [] diff --git a/vulnerabilities/tests/test_apache_tomcat.py b/vulnerabilities/tests/test_apache_tomcat.py index 51d33634f..05ef69253 100644 --- a/vulnerabilities/tests/test_apache_tomcat.py +++ b/vulnerabilities/tests/test_apache_tomcat.py @@ -20,7 +20,6 @@ from vulnerabilities.importer import AdvisoryData from vulnerabilities.importers.apache_tomcat import ApacheTomcatImporter from vulnerabilities.importers.apache_tomcat import extract_tomcat_advisory_data_from_page -from vulnerabilities.importers.apache_tomcat import to_version_ranges_apache from vulnerabilities.importers.apache_tomcat import to_version_ranges_maven from vulnerabilities.improvers.default import DefaultImprover from vulnerabilities.improvers.valid_versions import ApacheTomcatImprover 
@@ -395,30 +394,3 @@ def test_to_version_ranges(): assert ( MavenVersionRange.from_string(expected_versions_data_maven) == converted_versions_data_maven ) - - expected_versions_data_apache = "vers:apache/>=1.0.0|<=2.0.0|!=3.0.0|>=3.2.2|<=3.2.3|>=3.3a|<=3.3.1|!=3.3.1a|>=9.0.0.M1|<=9.0.0.M9|>=10.1.0-M1|<=10.1.0-M16" - - expected_ApacheVersionRange_versions_data = ApacheVersionRange( - constraints=( - VersionConstraint(comparator=">=", version=SemverVersion(string="1.0.0")), - VersionConstraint(comparator="<=", version=SemverVersion(string="2.0.0")), - VersionConstraint(comparator="!=", version=SemverVersion(string="3.0.0")), - VersionConstraint(comparator=">=", version=SemverVersion(string="3.2.2")), - VersionConstraint(comparator="<=", version=SemverVersion(string="3.2.3")), - VersionConstraint(comparator=">=", version=SemverVersion(string="3.3a")), - VersionConstraint(comparator="<=", version=SemverVersion(string="3.3.1")), - VersionConstraint(comparator="!=", version=SemverVersion(string="3.3.1a")), - VersionConstraint(comparator=">=", version=SemverVersion(string="9.0.0.M1")), - VersionConstraint(comparator="<=", version=SemverVersion(string="9.0.0.M9")), - VersionConstraint(comparator=">=", version=SemverVersion(string="10.1.0-M1")), - VersionConstraint(comparator="<=", version=SemverVersion(string="10.1.0-M16")), - ) - ) - - converted_versions_data_apache = to_version_ranges_apache(versions_data, fixed_versions) - - assert expected_ApacheVersionRange_versions_data == converted_versions_data_apache - assert ( - ApacheVersionRange.from_string(expected_versions_data_apache) - == converted_versions_data_apache - ) diff --git a/vulnerabilities/tests/test_data/apache_tomcat/apache-tomcat-improver-expected.json b/vulnerabilities/tests/test_data/apache_tomcat/apache-tomcat-improver-expected.json index 801710121..346829611 100644 --- a/vulnerabilities/tests/test_data/apache_tomcat/apache-tomcat-improver-expected.json 
+++ b/vulnerabilities/tests/test_data/apache_tomcat/apache-tomcat-improver-expected.json @@ -1,102 +1,4 @@ [ - { - "vulnerability_id": null, - "aliases": [ - "CVE-2005-4836" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "1.1.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "1.1.1", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "1.1.2", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "1.1.3", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "1.1.4", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "1.1.5", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "1.1.6", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "1.1.7", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "1.1.8", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": null, - "references": [ - { - "reference_id": "CVE-2005-4836", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836", - "severities": [ - { - "system": "apache_tomcat", - "value": "Moderate", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, { "vulnerability_id": null, "aliases": [ 
@@ -204,16 +106,16 @@ "summary": "", "affected_purls": [ { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.0+M1", + "version": "9.0.0.M1", "qualifiers": "", "subpath": "" }, { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", "version": "9.0.41", "qualifiers": "", @@ -221,8 +123,8 @@ } ], "fixed_purl": { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", "version": "9.0.43", "qualifiers": "", @@ -253,7 +155,7 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2020-9484" + "CVE-2021-25329" ], "confidence": 100, "summary": "", @@ -285,9 +187,9 @@ }, "references": [ { - "reference_id": "CVE-2020-9484", + "reference_id": "CVE-2021-25329", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329", "severities": [ { "system": "apache_tomcat", @@ -308,22 +210,22 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2021-25329" + "CVE-2021-25122" ], "confidence": 100, "summary": "", "affected_purls": [ { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.0+M1", + "version": "9.0.0.M1", "qualifiers": "", "subpath": "" }, { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", "version": "9.0.41", "qualifiers": "", @@ -331,8 +233,8 @@ } ], "fixed_purl": { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", "version": "9.0.43", "qualifiers": "", 
@@ -340,13 +242,13 @@ }, "references": [ { - "reference_id": "CVE-2021-25329", + "reference_id": "CVE-2021-25122", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122", "severities": [ { "system": "apache_tomcat", - "value": "Low", + "value": "Important", "scoring_elements": "" } ] @@ -354,7 +256,7 @@ { "reference_id": "", "reference_type": "", - "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453", + "url": "https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1", "severities": [] } ], @@ -363,7 +265,7 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2021-25329" + "CVE-2020-9484" ], "confidence": 100, "summary": "", @@ -380,7 +282,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.41", + "version": "9.0.34", "qualifiers": "", "subpath": "" } @@ -389,19 +291,19 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.43", + "version": "9.0.35", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2021-25329", + "reference_id": "CVE-2020-9484", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484", "severities": [ { "system": "apache_tomcat", - "value": "Low", + "value": "Important", "scoring_elements": "" } ] @@ -409,7 +311,7 @@ { "reference_id": "", "reference_type": "", - "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453", + "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222", "severities": [] } ], 
@@ -418,45 +320,45 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2021-25122" + "CVE-2018-8014" ], "confidence": 100, "summary": "", "affected_purls": [ { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.0+M1", + "version": "9.0.0.M1", "qualifiers": "", "subpath": "" }, { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.41", + "version": "9.0.8", "qualifiers": "", "subpath": "" } ], "fixed_purl": { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.43", + "version": "9.0.9", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2021-25122", + "reference_id": "CVE-2018-8014", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014", "severities": [ { "system": "apache_tomcat", - "value": "Important", + "value": "Low", "scoring_elements": "" } ] @@ -464,7 +366,7 @@ { "reference_id": "", "reference_type": "", - "url": "https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1", + "url": "https://svn.apache.org/viewvc?view=rev&rev=1831726", "severities": [] } ], @@ -473,7 +375,7 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2021-25122" + "CVE-2016-3092" ], "confidence": 100, "summary": "", @@ -482,7 +384,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.0.M1", + "version": "8.0.0.RC1", "qualifiers": "", "subpath": "" }, 
@@ -490,7 +392,23 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.41", + "version": "8.0.35", + "qualifiers": "", + "subpath": "" + }, + { + "type": "maven", + "namespace": "org.apache.tomcat", + "name": "tomcat", + "version": "8.5.0", + "qualifiers": "", + "subpath": "" + }, + { + "type": "maven", + "namespace": "org.apache.tomcat", + "name": "tomcat", + "version": "8.5.2", "qualifiers": "", "subpath": "" } @@ -499,19 +417,19 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.43", + "version": "8.0.36", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2021-25122", + "reference_id": "CVE-2016-3092", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092", "severities": [ { "system": "apache_tomcat", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] @@ -519,7 +437,13 @@ { "reference_id": "", "reference_type": "", - "url": "https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1", + "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722", + "severities": [] + }, + { + "reference_id": "", + "reference_type": "", + "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738", "severities": [] } ], 
@@ -528,45 +452,61 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2020-9484" + "CVE-2016-3092" ], "confidence": 100, "summary": "", "affected_purls": [ { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.0+M1", + "version": "8.0.0.RC1", "qualifiers": "", "subpath": "" }, { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.34", + "version": "8.0.35", + "qualifiers": "", + "subpath": "" + }, + { + "type": "maven", + "namespace": "org.apache.tomcat", + "name": "tomcat", + "version": "8.5.0", + "qualifiers": "", + "subpath": "" + }, + { + "type": "maven", + "namespace": "org.apache.tomcat", + "name": "tomcat", + "version": "8.5.2", "qualifiers": "", "subpath": "" } ], "fixed_purl": { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.35", + "version": "8.5.3", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2020-9484", + "reference_id": "CVE-2016-3092", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092", "severities": [ { "system": "apache_tomcat", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] @@ -574,7 +514,13 @@ { "reference_id": "", "reference_type": "", - "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222", + "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722", + "severities": [] + }, + { + "reference_id": "", + "reference_type": "", + "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738", "severities": [] } ], @@ -583,7 +529,7 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2020-9484" + "CVE-2008-5515" ], "confidence": 100, "summary": "", 
@@ -592,7 +538,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.0.M1", + "version": "5.5.0", "qualifiers": "", "subpath": "" }, @@ -600,7 +546,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.34", + "version": "5.5.27", "qualifiers": "", "subpath": "" } @@ -609,15 +555,15 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.35", + "version": "5.5.28", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2020-9484", + "reference_id": "CVE-2008-5515", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515", "severities": [ { "system": "apache_tomcat", @@ -629,7 +575,13 @@ { "reference_id": "", "reference_type": "", - "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222", + "url": "https://svn.apache.org/viewvc?view=rev&rev=782757", + "severities": [] + }, + { + "reference_id": "", + "reference_type": "", + "url": "https://svn.apache.org/viewvc?view=rev&rev=783291", "severities": [] } ], 
@@ -638,45 +590,45 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2018-8014" + "CVE-2009-0033" ], "confidence": 100, "summary": "", "affected_purls": [ { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.0+M1", + "version": "5.5.0", "qualifiers": "", "subpath": "" }, { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.8", + "version": "5.5.27", "qualifiers": "", "subpath": "" } ], "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "9.0.9", + "type": "maven", + "namespace": "org.apache.tomcat", + "name": "tomcat", + "version": "5.5.28", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2018-8014", + "reference_id": "CVE-2009-0033", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033", "severities": [ { "system": "apache_tomcat", - "value": "Low", + "value": "Important", "scoring_elements": "" } ] @@ -684,7 +636,7 @@ { "reference_id": "", "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1831726", + "url": "https://svn.apache.org/viewvc?view=rev&rev=781362", "severities": [] } ], @@ -693,7 +645,7 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2018-8014" + "CVE-2009-0580" ], "confidence": 100, "summary": "", @@ -702,7 +654,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.0.M1", + "version": "5.5.0", "qualifiers": "", "subpath": "" }, @@ -710,7 +662,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.8", + "version": "5.5.27", "qualifiers": "", "subpath": "" } 
@@ -719,15 +671,15 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "9.0.9", + "version": "5.5.28", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2018-8014", + "reference_id": "CVE-2009-0580", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580", "severities": [ { "system": "apache_tomcat", @@ -739,7 +691,7 @@ { "reference_id": "", "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1831726", + "url": "https://svn.apache.org/viewvc?view=rev&rev=781379", "severities": [] } ], 
@@ -748,61 +700,45 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2016-3092" + "CVE-2009-0781" ], "confidence": 100, "summary": "", "affected_purls": [ { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "8.0.0+RC1", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "8.0.35", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.0", + "version": "5.5.0", "qualifiers": "", "subpath": "" }, { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.2", + "version": "5.5.27", "qualifiers": "", "subpath": "" } ], "fixed_purl": { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.0.36", + "version": "5.5.28", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2016-3092", + "reference_id": "CVE-2009-0781", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781", "severities": [ { "system": "apache_tomcat", - "value": "Moderate", + "value": "Low", "scoring_elements": "" } ] @@ -810,13 +746,7 @@ { "reference_id": "", "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738", + "url": "https://svn.apache.org/viewvc?view=rev&rev=750928", "severities": [] } ], 
@@ -825,61 +755,45 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2016-3092" + "CVE-2009-0783" ], "confidence": 100, "summary": "", "affected_purls": [ { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "8.0.0+RC1", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "8.0.35", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.0", + "version": "5.5.0", "qualifiers": "", "subpath": "" }, { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.2", + "version": "5.5.27", "qualifiers": "", "subpath": "" } ], "fixed_purl": { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.3", + "version": "5.5.28", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2016-3092", + "reference_id": "CVE-2009-0783", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783", "severities": [ { "system": "apache_tomcat", - "value": "Moderate", + "value": "Low", "scoring_elements": "" } ] @@ -887,13 +801,13 @@ { "reference_id": "", "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722", + "url": "https://svn.apache.org/viewvc?view=rev&rev=681156", "severities": [] }, { "reference_id": "", "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738", + "url": "https://svn.apache.org/viewvc?view=rev&rev=781542", "severities": [] } ], @@ -902,7 +816,7 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2016-3092" + "CVE-2005-4836" ], "confidence": 100, "summary": "", 
@@ -911,7 +825,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.0.0.RC1", + "version": "4.1.SVN", "qualifiers": "", "subpath": "" }, @@ -919,15 +833,41 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.0.35", + "version": "4.1.15", "qualifiers": "", "subpath": "" - }, + } + ], + "fixed_purl": null, + "references": [ + { + "reference_id": "CVE-2005-4836", + "reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836", + "severities": [ + { + "system": "apache_tomcat", + "value": "Moderate", + "scoring_elements": "" + } + ] + } + ], + "weaknesses": [] + }, + { + "vulnerability_id": null, + "aliases": [ + "CVE-2008-4308" + ], + "confidence": 100, + "summary": "", + "affected_purls": [ { "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.0", + "version": "4.1.32", "qualifiers": "", "subpath": "" }, @@ -935,7 +875,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.2", + "version": "4.1.34", "qualifiers": "", "subpath": "" } @@ -944,34 +884,22 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.0.36", + "version": "4.1.35", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2016-3092", + "reference_id": "CVE-2008-4308", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308", "severities": [ { "system": "apache_tomcat", - "value": "Moderate", + "value": "Low", "scoring_elements": "" } ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738", - "severities": [] } ], "weaknesses": [] 
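Review bot: The new expectation for CVE-2005-4836 pins `"version": "4.1.SVN"` as an affected `maven` / `org.apache.tomcat` / `tomcat` version (hunk `@@ -911,7 +825,7 @@`), next to `4.1.15` and `"fixed_purl": null`. `4.1.SVN` reads like a source-tree label carried over from the advisory text rather than a published artifact version; if so, a purl built from it will never match an installed package, and the fixture now locks that behaviour in. The version list the improver test runs against is not visible in this diff, so please confirm where the value comes from. If it is parsed from the advisory, the test should assert that every `affected_purls` version comes from the known-version list, and the reason this entry has no fixed version should be recorded next to the test.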
@@ -979,7 +907,7 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2016-3092" + "CVE-2002-0935" ], "confidence": 100, "summary": "", @@ -988,7 +916,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.0.0.RC1", + "version": "4.0.0", "qualifiers": "", "subpath": "" }, @@ -996,7 +924,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.0.35", + "version": "4.0.2", "qualifiers": "", "subpath": "" }, @@ -1004,7 +932,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.0", + "version": "4.0.3", "qualifiers": "", "subpath": "" }, @@ -1012,7 +940,31 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.2", + "version": "4.0.4", + "qualifiers": "", + "subpath": "" + }, + { + "type": "maven", + "namespace": "org.apache.tomcat", + "name": "tomcat", + "version": "4.0.6", + "qualifiers": "", + "subpath": "" + }, + { + "type": "maven", + "namespace": "org.apache.tomcat", + "name": "tomcat", + "version": "4.1.0", + "qualifiers": "", + "subpath": "" + }, + { + "type": "maven", + "namespace": "org.apache.tomcat", + "name": "tomcat", + "version": "4.1.2", "qualifiers": "", "subpath": "" } 
@@ -1021,34 +973,22 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "8.5.3", + "version": "4.1.3", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2016-3092", + "reference_id": "CVE-2002-0935", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935", "severities": [ { "system": "apache_tomcat", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738", - "severities": [] } ], "weaknesses": [] 
@@ -1056,60 +996,48 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2008-5515" + "CVE-2002-2007" ], "confidence": 100, "summary": "", "affected_purls": [ { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "5.5.0", + "version": "3.2.3", "qualifiers": "", "subpath": "" }, { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "5.5.27", + "version": "3.2.4", "qualifiers": "", "subpath": "" } ], "fixed_purl": { - "type": "apache", - "namespace": "", + "type": "maven", + "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "5.5.28", + "version": "3.3a", "qualifiers": "", "subpath": "" }, "references": [ { - "reference_id": "CVE-2008-5515", + "reference_id": "CVE-2002-2007", "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007", "severities": [ { "system": "apache_tomcat", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=782757", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=783291", - "severities": [] } ], "weaknesses": [] @@ -1117,7 +1045,7 @@ { "vulnerability_id": null, "aliases": [ - "CVE-2008-5515" + "CVE-2002-2006" ], "confidence": 100, "summary": "", @@ -1126,7 +1054,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "5.5.0", + "version": "3.1", "qualifiers": "", "subpath": "" }, 
@@ -1134,1043 +1062,7 @@ "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", - "version": "5.5.27", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.28", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2008-5515", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515", - "severities": [ - { - "system": "apache_tomcat", - "value": "Important", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=782757", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=783291", - "severities": [] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2009-0033" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.27", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.28", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2009-0033", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033", - "severities": [ - { - "system": "apache_tomcat", - "value": "Important", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=781362", - "severities": [] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2009-0033" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "maven", - 
"namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.27", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.28", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2009-0033", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033", - "severities": [ - { - "system": "apache_tomcat", - "value": "Important", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=781362", - "severities": [] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2009-0580" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.27", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.28", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2009-0580", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580", - "severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=781379", - "severities": [] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2009-0580" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "maven", - "namespace": "org.apache.tomcat", - 
"name": "tomcat", - "version": "5.5.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.27", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.28", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2009-0580", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580", - "severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=781379", - "severities": [] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2009-0781" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.27", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.28", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2009-0781", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781", - "severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=750928", - "severities": [] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2009-0781" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.0", - 
"qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.27", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.28", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2009-0781", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781", - "severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=750928", - "severities": [] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2009-0783" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.27", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "5.5.28", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2009-0783", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783", - "severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=681156", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=781542", - "severities": [] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2009-0783" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - 
"type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.27", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "5.5.28", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2009-0783", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783", - "severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=681156", - "severities": [] - }, - { - "reference_id": "", - "reference_type": "", - "url": "https://svn.apache.org/viewvc?view=rev&rev=781542", - "severities": [] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2005-4836" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.1.0+SVN", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.1.15", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": null, - "references": [ - { - "reference_id": "CVE-2005-4836", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836", - "severities": [ - { - "system": "apache_tomcat", - "value": "Moderate", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2005-4836" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.1.SVN", - "qualifiers": "", - "subpath": "" - }, - { - "type": 
"maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.1.15", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": null, - "references": [ - { - "reference_id": "CVE-2005-4836", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836", - "severities": [ - { - "system": "apache_tomcat", - "value": "Moderate", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2008-4308" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.1.32", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.1.34", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.1.35", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2008-4308", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308", - "severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2008-4308" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.1.32", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.1.34", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.1.35", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2008-4308", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308", - 
"severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2002-0935" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.0.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.0.2", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.0.3", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.0.4", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.0.6", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.1.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.1.2", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "4.1.3", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2002-0935", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935", - "severities": [ - { - "system": "apache_tomcat", - "value": "Important", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2002-0935" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.0.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.0.2", - "qualifiers": "", - "subpath": "" - }, - 
{ - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.0.3", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.0.4", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.0.6", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.1.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.1.2", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "4.1.3", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2002-0935", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935", - "severities": [ - { - "system": "apache_tomcat", - "value": "Important", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2002-2007" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.2.3", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.2.4", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.3.0-a", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2002-2007", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007", - "severities": [ - { - "system": "apache_tomcat", - "value": "Moderate", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, - { - 
"vulnerability_id": null, - "aliases": [ - "CVE-2002-2007" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "3.2.3", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "3.2.4", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "3.3a", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2002-2007", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007", - "severities": [ - { - "system": "apache_tomcat", - "value": "Moderate", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2002-2006" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.1.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.1.1", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.2.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.2.4", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.3.0-a", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2002-2006", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006", - "severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2002-2006" - ], 
- "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "3.1", - "qualifiers": "", - "subpath": "" - }, - { - "type": "maven", - "namespace": "org.apache.tomcat", - "name": "tomcat", - "version": "3.1.1", + "version": "3.1.1", "qualifiers": "", "subpath": "" }, @@ -2215,71 +1107,6 @@ ], "weaknesses": [] }, - { - "vulnerability_id": null, - "aliases": [ - "CVE-2000-0760" - ], - "confidence": 100, - "summary": "", - "affected_purls": [ - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.1.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.1.1", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.2.0", - "qualifiers": "", - "subpath": "" - }, - { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.2.4", - "qualifiers": "", - "subpath": "" - } - ], - "fixed_purl": { - "type": "apache", - "namespace": "", - "name": "tomcat", - "version": "3.3.0-a", - "qualifiers": "", - "subpath": "" - }, - "references": [ - { - "reference_id": "CVE-2000-0760", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760", - "severities": [ - { - "system": "apache_tomcat", - "value": "Low", - "scoring_elements": "" - } - ] - } - ], - "weaknesses": [] - }, { "vulnerability_id": null, "aliases": [ diff --git a/vulnerabilities/tests/test_data/apache_tomcat/parse-apache_tomcat-selected-advisories-expected.json b/vulnerabilities/tests/test_data/apache_tomcat/parse-apache_tomcat-selected-advisories-expected.json index 0010b38d3..3cd8e1d6a 100644 --- a/vulnerabilities/tests/test_data/apache_tomcat/parse-apache_tomcat-selected-advisories-expected.json +++ b/vulnerabilities/tests/test_data/apache_tomcat/parse-apache_tomcat-selected-advisories-expected.json 
@@ -5,18 +5,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.41|!=9.0.43",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -60,18 +48,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.41|!=9.0.43",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -115,18 +91,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.41|!=9.0.43",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -170,18 +134,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.34|!=9.0.35",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -225,18 +177,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.8|!=9.0.9",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -280,18 +220,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=8.0.0+RC1|<=8.0.35|!=8.0.36|>=8.5.0|<=8.5.2|!=8.5.3",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -341,18 +269,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -402,18 +318,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -457,18 +361,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -512,18 +404,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -567,18 +447,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -628,18 +496,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/<=4.1.0+SVN|>=4.1.15",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -677,18 +533,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=4.1.32|<=4.1.34|!=4.1.35",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -726,18 +570,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=4.0.0|<=4.0.2|4.0.3|>=4.0.4|<=4.0.6|>=4.1.0|<=4.1.2|!=4.1.3",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -775,18 +607,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=3.2.3|<=3.2.4|!=3.3.0-a",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -824,18 +644,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=3.1.0|<=3.1.1|>=3.2.0|<=3.2.4|!=3.3.0-a",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",
@@ -873,18 +681,6 @@
 ],
 "summary": "",
 "affected_packages": [
- {
- "package": {
- "type": "apache",
- "namespace": "",
- "name": "tomcat",
- "version": "",
- "qualifiers": "",
- "subpath": ""
- },
- "affected_version_range": "vers:apache/>=3.1.0|<=3.1.1|>=3.2.0|<=3.2.4|!=3.3.0-a",
- "fixed_version": null
- },
 {
 "package": {
 "type": "maven",