6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.923 High
EPSS
Percentile
98.9%
There are some Tomcat security vulnerabilities reported against the bundled version 7.0.32:
[CVE-2013-2067|http://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/<[email protected]>]
[CVE-2013-2071|http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/<[email protected]>]
[CVE-2012-3544|http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/<[email protected]>] - Not reported for Tomcat 7.0.32
Stash should be bundled with the latest Tomcat version 7.0.40 to ensure it contains a fix for the above security vulnerabilities.
CPE | Name | Operator | Version |
---|---|---|---|
bitbucket data center | le | 2.4.1 | |
bitbucket data center | lt | 2.4.2 |