For API version information, refer to the API History Version section.
Download a saved report in the user’s account. You can download all report types (map, scan, patch, authentication, scorecard, remediation, compliance). This option is available when the Report Share feature is enabled in the user’s subscription.
You can also view risk scores in Host Based Scan Reports, including the TruRisk score, Asset Criticality Score (ACS) and Qualys Detection Score (QDS). These values appear in all report formats, including XML and CSV. You can download reports from the UI or fetch reports using the API.
Downloading a Policy Report in CSV format? When PCRS is enabled for your subscription, we’ll automatically compress large CSV policy reports and you’ll get a Zip file instead of CSV when the report is greater than 1GB in size. See Launching and Fetching Compliance Reports in CSV Format for important details.
User permissions - Managers can download any saved report. Unit Managers can download a saved report in their own business unit (reports launched by users in their own business unit). Scanners and Readers can download their own saved report.
| Parameter | Required/Optional | Description |
|---|---|---|
| action=fetch | Required | |
| id={value} | Required | Specifies the report ID of a saved report that you want to download. The status of the report must be 'finished'. |
| echo_request={0\|1} | Optional | Specify 1 to view input parameters in the XML output. When not specified, parameters are not included in the XML output. |
Run the report list API.
API Request
curl -X POST -H "X-Requested-With:POSTMAN" -H "Authorization:Basic <TOKEN>" -F "action=list" "<qualys_base_url>/api/2.0/fo/report/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORT_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/2.0/fo/report/report_list_output.dtd">
<REPORT_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2018-07-02T15:29:52Z</DATETIME>
<REPORT_LIST>
<REPORT>
<ID>7592049</ID>
<TITLE><![CDATA[FIXED Vuln Report]]></TITLE>
<TYPE>Scan</TYPE>
<USER_LOGIN>acme_ur15</USER_LOGIN>
<LAUNCH_DATETIME>2018-07-02T14:52:45Z</LAUNCH_DATETIME>
<OUTPUT_FORMAT>HTML</OUTPUT_FORMAT>
<SIZE>-</SIZE>
<STATUS>
<STATE>Running</STATE>
<MESSAGE><![CDATA[Rendering...]]></MESSAGE>
<PERCENT>80</PERCENT>
</STATUS>
<EXPIRATION_DATETIME>2018-07-30T14:52:48Z</EXPIRATION_DATETIME>
</REPORT>
...
<REPORT>
<ID>7589800</ID>
<TITLE><![CDATA[My Authentication Report]]></TITLE>
<TYPE>Authentication</TYPE>
<USER_LOGIN>acme_ee17</USER_LOGIN>
<LAUNCH_DATETIME>2018-07-02T07:00:21Z</LAUNCH_DATETIME>
<OUTPUT_FORMAT>PDF</OUTPUT_FORMAT>
<SIZE>15 KB</SIZE>
<STATUS>
<STATE>Finished</STATE>
</STATUS>
<EXPIRATION_DATETIME>2018-07-30T07:00:24Z</EXPIRATION_DATETIME>
</REPORT>
</REPORT_LIST>
</RESPONSE>
</REPORT_LIST_OUTPUT>
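The fetch call only works for a report whose status is finished, so a script normally filters the list output before asking for a download. The following is an added example, not code from the Qualys documentation: it parses a constructed REPORT_LIST_OUTPUT document and builds the fetch parameters. The function names are hypothetical, and treating an expired report as no longer downloadable is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample with the same elements as the report list output above.
SAMPLE_LIST_XML = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORT_LIST_OUTPUT SYSTEM "report_list_output.dtd">
<REPORT_LIST_OUTPUT><RESPONSE>
<DATETIME>2018-07-02T15:29:52Z</DATETIME>
<REPORT_LIST>
<REPORT><ID>7592049</ID><TITLE><![CDATA[FIXED Vuln Report]]></TITLE>
<TYPE>Scan</TYPE><OUTPUT_FORMAT>HTML</OUTPUT_FORMAT>
<STATUS><STATE>Running</STATE><PERCENT>80</PERCENT></STATUS>
<EXPIRATION_DATETIME>2018-07-30T14:52:48Z</EXPIRATION_DATETIME></REPORT>
<REPORT><ID>7589800</ID><TITLE><![CDATA[My Authentication Report]]></TITLE>
<TYPE>Authentication</TYPE><OUTPUT_FORMAT>PDF</OUTPUT_FORMAT>
<STATUS><STATE>Finished</STATE></STATUS>
<EXPIRATION_DATETIME>2018-07-30T07:00:24Z</EXPIRATION_DATETIME></REPORT>
</REPORT_LIST></RESPONSE></REPORT_LIST_OUTPUT>"""


def utc(stamp):
    """Parse the API's 'YYYY-MM-DDTHH:MM:SSZ' timestamps as aware UTC datetimes."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_report_list(xml_bytes):
    """Return one dict per <REPORT> in a REPORT_LIST_OUTPUT document."""
    root = ET.fromstring(xml_bytes)  # the external DTD is not fetched
    reports = []
    for node in root.iter("REPORT"):
        def field(path):
            return (node.findtext(path) or "").strip()
        reports.append({
            "id": field("ID"),
            "title": field("TITLE"),
            "type": field("TYPE"),
            "format": field("OUTPUT_FORMAT"),
            "state": field("STATUS/STATE"),
            "expires": utc(field("EXPIRATION_DATETIME")),
        })
    return reports


def fetchable(reports, now):
    """Reports in state Finished whose expiration time has not passed.

    Assumption: a report past EXPIRATION_DATETIME can no longer be downloaded.
    """
    return [r for r in reports
            if r["state"].lower() == "finished" and r["expires"] > now]


def fetch_params(report_id):
    """Build the fetch parameters, refusing anything that is not a plain number.

    An ID copied from a URL or a ticket must not carry extra request parameters.
    """
    if not re.fullmatch(r"[0-9]+", str(report_id)):
        raise ValueError(f"not a report ID: {report_id!r}")
    return {"action": "fetch", "id": str(report_id)}


if __name__ == "__main__":
    now = utc("2018-07-02T15:29:52Z")
    for report in fetchable(parse_report_list(SAMPLE_LIST_XML), now):
        print(report["id"], report["format"], fetch_params(report["id"]))
```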
Another option: go to the user interface.
Within the user interface, find the report you want to download (go to Reports > Reports), then choose View Report. In the Report Information window, you’ll see the ID at the top, in the window URL after id=, like this:
https://<qualys_base_url>/fo/report/view_report.php?id=2281222
API Request
curl -H "X-Requested-With: Curl Sample" -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" "<qualys_base_url>/api/2.0/fo/report/?action=fetch&id=1462"
In this sample, we’re downloading a Host Based Scan Report in CSV format. You’ll see the new column headers "QDS", "ARS" and "ACS".
API Request
curl -u "<username>:<password>" -H "X-Requested-With:curl" -d "action=fetch&id=123457" "<qualys_base_url>/api/2.0/fo/report/"
CSV Output
"Sample Report","05/24/2022 at 18:17:24 (GMT-0800)"
"Qualys","919 E Hillsdale Blvd",,"Foster City","California","United States of America","94404"
"Joe User","joe_user","Manager"
...
"IP","DNS","NetBIOS","QG Host ID","IP Interfaces","Tracking Method","OS","IP Status","QID","Title","Vuln Status","Type","Severity","Port","Protocol","FQDN","SSL","First Detected","Last Detected","Times Detected","Date Last Fixed","First Reopened","Last Reopened","Times Reopened","CVE ID","Vendor Reference","Bugtraq ID","Threat","Impact","Solution","Exploitability","Associated Malware","Results","PCI Vuln","Ticket State","Instance","OS CPE","Category","Associated Ags","Cloud Provider","Cloud Provider Service","Cloud Service","Cloud Resource ID","Cloud Resource Type","Cloud Account","Cloud Image ID","Cloud Resource Metadata","EC2 Instance ID","Public Hostname","Image ID","VPC ID","Instance State","Private Hostname","Instance Type","Account ID","Region Code","Subnet ID","Host ID","Asset ID","QDS","ARS","TRURISK SCORE","ACS"
"10.20.30.40","10-20-30-40.bogus.tld",,,,"DNS",,"host scanned, found vuln","100021","Microsoft Internet Explorer TABLE Status Bar URI Obfuscation Weakness","New","Vuln","2",,,,,"05/24/2022 10:07:23","05/24/2022 10:07:23","1",,,,,"CVE-2005-4679",,"11561","Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. The issue presents itself when a HREF tag contains an additional HREF tag contained within a TABLE tag. It is reported that hovering over the link of the second HREF tag will display the hostname address of the first HREF tag in the status bar of Internet Explorer. This weakness is reported to affect Internet Explorer 6, but other versions may also be affected. Windows XP Service Pack 2 is not reported to be vulnerable.","This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present Web pages to users that seem to originate from a trusted location. This may facilitate phishing style attacks. Other attacks may also be possible.","This vulnerability is not exploitable with Windows XP Service Pack 2. There are no solutions available at this time for Windows 2000 or Windows XP Service Pack 1.",,,,"yes",,,,"Internet Explorer",,,,,,,,,"[]",,,,,,,,,,,"2685870","14617851","28","104","4"
...
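The CSV report starts with several preamble rows before the detection table, and the score columns are not in a fixed place: the samples on this page order them differently and spell one header both "TRURISK SCORE" and "TruRisk Score". The following added example (not from the Qualys documentation; the sample data and function names are constructed for illustration) locates the detection table by its header and reads the scores by column name.

```python
import csv
import io

# Constructed sample: preamble rows, a per-host summary table, then the
# detection table, laid out like the CSV reports on this page (fewer columns).
SAMPLE_CSV = '''"Sample Report","05/24/2022 at 18:17:24 (GMT-0800)"
"Joe User","joe_user","Manager"
"IP","Network","Total Vulnerabilities","Security Risk"
"10.20.30.40","Global Default Network","2","2.2"
"IP","DNS","QID","Title","Severity","Impact","QDS","ARS","TRURISK SCORE","ACS"
"10.20.30.40","10-20-30-40.bogus.tld","100021","Constructed finding A","2","First line.
Second line, with a comma.","28","104","104","4"
"10.20.30.40","10-20-30-40.bogus.tld","100027","Constructed finding B","1","","32","104","104","4"
'''


def norm(name):
    """Normalise a column name so 'TruRisk Score' and 'TRURISK SCORE' match."""
    return " ".join(name.split()).upper()


def to_int(value):
    """Scores are digit strings; anything else (empty, '-') becomes None."""
    return int(value) if value and value.isdigit() else None


def detection_rows(csv_text):
    """Yield one dict per detection row, keyed by normalised column name."""
    header = None
    # csv.reader keeps quoted fields that contain commas or line breaks intact.
    for row in csv.reader(io.StringIO(csv_text, newline="")):
        if header is None:
            cols = [norm(c) for c in row]
            # The summary table also starts with "IP", so require QID and QDS.
            if {"IP", "QID", "QDS"} <= set(cols):
                header = cols
            continue
        if len(row) == len(header):  # skip truncated or trailer rows
            yield dict(zip(header, (v.strip() for v in row)))


def host_scores(csv_text):
    """Per host: TruRisk score, ACS, highest QDS and the QIDs detected."""
    hosts = {}
    for det in detection_rows(csv_text):
        host = hosts.setdefault(det["IP"], {
            "trurisk": to_int(det.get("TRURISK SCORE")),
            "acs": to_int(det.get("ACS")),
            "max_qds": 0,
            "qids": [],
        })
        host["max_qds"] = max(host["max_qds"], to_int(det.get("QDS")) or 0)
        host["qids"].append(det["QID"])
    return hosts


if __name__ == "__main__":
    for ip, scores in host_scores(SAMPLE_CSV).items():
        print(ip, scores)
```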
API Request
curl -u "<username>:<password>" -H "X-Requested-With:curl" -d "action=fetch&id=123456" "<qualys_base_url>/api/2.0/fo/report/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_DATA_REPORT SYSTEM
"<qualys_base_url>/asset_data_report.dtd">
<ASSET_DATA_REPORT>
<HEADER>
<COMPANY>
<![CDATA[ Qualys ]]>
</COMPANY>
<USERNAME>joe_user</USERNAME>
<GENERATION_DATETIME>2022-05-24T15:30:56Z</GENERATION_DATETIME>
<TEMPLATE>
<![CDATA[ ARS_Report ]]>
</TEMPLATE>
<TARGET>
<USER_IP_LIST>
<RANGE>
<START>10.20.30.40</START>
<END>10.20.30.40</END>
</RANGE>
</USER_IP_LIST>
<COMBINED_IP_LIST>
<RANGE>
<START>10.20.30.40</START>
<END>10.20.30.40</END>
</RANGE>
</COMBINED_IP_LIST>
</TARGET>
<RISK_SCORE_SUMMARY>
<TOTAL_VULNERABILITIES>5</TOTAL_VULNERABILITIES>
<AVG_SECURITY_RISK>2.2</AVG_SECURITY_RISK>
<BUSINESS_RISK>10/100</BUSINESS_RISK>
</RISK_SCORE_SUMMARY>
</HEADER>
<RISK_SCORE_PER_HOST>
<HOSTS>
<IP_ADDRESS>10.20.30.40</IP_ADDRESS>
<TOTAL_VULNERABILITIES>5</TOTAL_VULNERABILITIES>
<SECURITY_RISK>2.2</SECURITY_RISK>
</HOSTS>
</RISK_SCORE_PER_HOST>
<HOST_LIST>
<HOST>
<IP>10.20.30.40</IP>
<TRACKING_METHOD>DNS</TRACKING_METHOD>
<HOST_ID>2685870</HOST_ID>
<ASSET_ID>14617851</ASSET_ID>
<DNS>
<![CDATA[ 10-20-30-40.bogus.tld ]]>
</DNS>
<ARS>104</ARS>
<TRURISK_SCORE>104</TRURISK_SCORE>
<ACS>4</ACS>
<VULN_INFO_LIST>
<VULN_INFO>
<QID id="qid_100027">100027</QID>
<TYPE>Practice</TYPE>
<SSL>false</SSL>
<FIRST_FOUND>2022-05-24T04:37:23Z</FIRST_FOUND>
<LAST_FOUND>2022-05-24T04:37:23Z</LAST_FOUND>
<TIMES_FOUND>1</TIMES_FOUND>
<VULN_STATUS>New</VULN_STATUS>
<QDS>
<![CDATA[ 32 ]]>
</QDS>
</VULN_INFO>
Run the report list API.
API Request
curl -X POST -H "X-Requested-With:POSTMAN" -H "Authorization:Basic <TOKEN>" -F "action=list" "<qualys_base_url>/api/3.0/fo/report/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORT_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/report/report_list_output.dtd">
<REPORT_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2018-07-02T15:29:52Z</DATETIME>
<REPORT_LIST>
<REPORT>
<ID>7592049</ID>
<TITLE><![CDATA[FIXED Vuln Report]]></TITLE>
<TYPE>Scan</TYPE>
<USER_LOGIN>acme_ur15</USER_LOGIN>
<LAUNCH_DATETIME>2018-07-02T14:52:45Z</LAUNCH_DATETIME>
<OUTPUT_FORMAT>HTML</OUTPUT_FORMAT>
<SIZE>-</SIZE>
<STATUS>
<STATE>Running</STATE>
<MESSAGE><![CDATA[Rendering...]]></MESSAGE>
<PERCENT>80</PERCENT>
</STATUS>
<EXPIRATION_DATETIME>2018-07-30T14:52:48Z</EXPIRATION_DATETIME>
</REPORT>
...
<REPORT>
<ID>7589800</ID>
<TITLE><![CDATA[My Authentication Report]]></TITLE>
<TYPE>Authentication</TYPE>
<USER_LOGIN>acme_ee17</USER_LOGIN>
<LAUNCH_DATETIME>2018-07-02T07:00:21Z</LAUNCH_DATETIME>
<OUTPUT_FORMAT>PDF</OUTPUT_FORMAT>
<SIZE>15 KB</SIZE>
<STATUS>
<STATE>Finished</STATE>
</STATUS>
<EXPIRATION_DATETIME>2018-07-30T07:00:24Z</EXPIRATION_DATETIME>
</REPORT>
</REPORT_LIST>
</RESPONSE>
</REPORT_LIST_OUTPUT>
API Request
curl -H "X-Requested-With: Curl Sample" -b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" "<qualys_base_url>/api/3.0/fo/report/?action=fetch&id=1462"
In this sample, we’re downloading a Host Based Scan Report in CSV format. You’ll see the new column headers "QDS", "ARS" and "ACS".
API Request
curl -u "<username>:<password>" -H "X-Requested-With:curl" -d "action=fetch&id=123457" "<qualys_base_url>/api/3.0/fo/report/"
CSV Output
"Sample Report","05/24/2022 at 18:17:24 (GMT-0800)"
"Qualys","919 E Hillsdale Blvd",,"Foster City","California","United States of America","94404"
"Joe User","joe_user","Manager"
...
"IP","DNS","NetBIOS","QG Host ID","IP Interfaces","Tracking Method","OS","IP Status","QID","Title","Vuln Status","Type","Severity","Port","Protocol","FQDN","SSL","First Detected","Last Detected","Times Detected","Date Last Fixed","First Reopened","Last Reopened","Times Reopened","CVE ID","Vendor Reference","Bugtraq ID","Threat","Impact","Solution","Exploitability","Associated Malware","Results","PCI Vuln","Ticket State","Instance","OS CPE","Category","Associated Ags","Cloud Provider","Cloud Provider Service","Cloud Service","Cloud Resource ID","Cloud Resource Type","Cloud Account","Cloud Image ID","Cloud Resource Metadata","EC2 Instance ID","Public Hostname","Image ID","VPC ID","Instance State","Private Hostname","Instance Type","Account ID","Region Code","Subnet ID","Host ID","Asset ID","QDS","ARS","TRURISK SCORE","ACS"
"10.20.30.40","10-20-30-40.bogus.tld",,,,"DNS",,"host scanned, found vuln","100021","Microsoft Internet Explorer TABLE Status Bar URI Obfuscation Weakness","New","Vuln","2",,,,,"05/24/2022 10:07:23","05/24/2022 10:07:23","1",,,,,"CVE-2005-4679",,"11561","Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. The issue presents itself when a HREF tag contains an additional HREF tag contained within a TABLE tag. It is reported that hovering over the link of the second HREF tag will display the hostname address of the first HREF tag in the status bar of Internet Explorer. This weakness is reported to affect Internet Explorer 6, but other versions may also be affected. Windows XP Service Pack 2 is not reported to be vulnerable.","This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present Web pages to users that seem to originate from a trusted location. This may facilitate phishing style attacks. Other attacks may also be possible.","This vulnerability is not exploitable with Windows XP Service Pack 2. There are no solutions available at this time for Windows 2000 or Windows XP Service Pack 1.",,,,"yes",,,,"Internet Explorer",,,,,,,,,"[]",,,,,,,,,,,"2685870","14617851","28","104","4"
...
API Request
curl -u "<username>:<password>" -H "X-Requested-With:curl" -d "action=fetch&id=123456" "<qualys_base_url>/api/3.0/fo/report/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_DATA_REPORT SYSTEM
"<qualys_base_url>/asset_data_report.dtd">
<ASSET_DATA_REPORT>
<HEADER>
<COMPANY>
<![CDATA[ Qualys ]]>
</COMPANY>
<USERNAME>joe_user</USERNAME>
<GENERATION_DATETIME>2022-05-24T15:30:56Z</GENERATION_DATETIME>
<TEMPLATE>
<![CDATA[ ARS_Report ]]>
</TEMPLATE>
<TARGET>
<USER_IP_LIST>
<RANGE>
<START>10.20.30.40</START>
<END>10.20.30.40</END>
</RANGE>
</USER_IP_LIST>
<COMBINED_IP_LIST>
<RANGE>
<START>10.20.30.40</START>
<END>10.20.30.40</END>
</RANGE>
</COMBINED_IP_LIST>
</TARGET>
<RISK_SCORE_SUMMARY>
<TOTAL_VULNERABILITIES>5</TOTAL_VULNERABILITIES>
<AVG_SECURITY_RISK>2.2</AVG_SECURITY_RISK>
<BUSINESS_RISK>10/100</BUSINESS_RISK>
</RISK_SCORE_SUMMARY>
</HEADER>
<RISK_SCORE_PER_HOST>
<HOSTS>
<IP_ADDRESS>10.20.30.40</IP_ADDRESS>
<TOTAL_VULNERABILITIES>5</TOTAL_VULNERABILITIES>
<SECURITY_RISK>2.2</SECURITY_RISK>
</HOSTS>
</RISK_SCORE_PER_HOST>
<HOST_LIST>
<HOST>
<IP>10.20.30.40</IP>
<TRACKING_METHOD>DNS</TRACKING_METHOD>
<HOST_ID>2685870</HOST_ID>
<ASSET_ID>14617851</ASSET_ID>
<DNS>
<![CDATA[ 10-20-30-40.bogus.tld ]]>
</DNS>
<ARS>104</ARS>
<TRURISK_SCORE>104</TRURISK_SCORE>
<ACS>4</ACS>
<VULN_INFO_LIST>
<VULN_INFO>
<QID id="qid_100027">100027</QID>
<TYPE>Practice</TYPE>
<SSL>false</SSL>
<FIRST_FOUND>2022-05-24T04:37:23Z</FIRST_FOUND>
<LAST_FOUND>2022-05-24T04:37:23Z</LAST_FOUND>
<TIMES_FOUND>1</TIMES_FOUND>
<VULN_STATUS>New</VULN_STATUS>
<QDS>
<![CDATA[ 32 ]]>
</QDS>
</VULN_INFO>
API Request
curl --location '<qualys_base_url>/api/4.0/fo/report/?echo_request=1&action=fetch&id=6626811' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic Encoded username:passwordstring'
CSV Output
"FQDN_template_Multiple","06/16/2025 at 14:30:35 (GMT+0530)"
"QA testing Team","pune","pune","pune","Georgia","United States of America","111"
"Testing QA Manager","john_doe","Manager"
"Asset Groups","IPs","Active Hosts","Hosts Matching Filters","Trend Analysis","Date Range","Network","Asset Tags"
"NONE","NONE","5","5","Past 2 detections","N/A","Global Default Network","NONE"
"Total Vulnerabilities","Avg Security Risk","Business Risk"
"500","3.4","0"
"IP","Network","Total Vulnerabilities","Security Risk"
"10.xx.xx.94","ACustom_Net1","104","3.1"
"10.xx.xx.94","Global Default Network","139","3.5"
"10.xx.xx.71","Global Default Network","60","3.9"
"10.xx.xx.86","Global Default Network","63","3.2"
"10.xx.xx.1","Global Default Network","134","3.2"
"IP","Network","DNS","NetBIOS","QG Host ID","IP Interfaces","Tracking Method","OS","IP Status","QID","Title","Vuln Status","Type","Severity","Port","Protocol","FQDN","SSL","First Detected","Last Detected","Times Detected","Date Last Fixed","First Reopened","Last Reopened","Times Reopened","CVE ID","Vendor Reference","Bugtraq ID","CVSS","CVSS Base","CVSS Temporal","CVSS Environment","CVSS3.1","CVSS3.1 Base","CVSS3.1 Temporal","Threat","Impact","Solution","Exploitability","Associated Malware","Results","PCI Vuln","Ticket State","Instance","Category","Associated AGs","Non-running Kernel","Cloud Provider","Cloud Provider Service","Cloud Service","Cloud Resource ID","Cloud Resource Type","Cloud Account","Cloud Image ID","Cloud Resource Metadata","EC2 Instance ID","Public Hostname","Image ID","VPC ID","Instance State","Private Hostname","Instance Type","Account ID","Region Code","Subnet ID","Host ID","Asset ID","QDS","ARS","ACS","TruRisk Score","MITRE ATT&CK Tactic Name","MITRE ATT&CK Technique Name","MITRE ATT&CK Tactic ID","MITRE ATT&CK Technique ID"
"10.44.201.71","Global Default Network","qwiki.intranet.qualys.com",,,,"DNS",,"host scanned, found vuln","732544","Atlassian Confluence Server and Data Center Xstream Dependency Vulnerability (CONFSERVER-99568)","New","Vuln","4","443","tcp",,,"06/02/2025 13:56:58","06/02/2025 13:56:58","1",,,,,"CVE-2024-47072","CONFSERVER-99568",,"4","5.4 (AV:A/AC:M/Au:M/C:N/I:C/A:P)","4.0 (E:U/RL:OF/RC:C)","Asset Group: -, Collateral Damage Potential: -, Target Distribution: -, Confidentiality Requirement: -, Integrity Requirement: -, Availability Requirement: -","6.5","7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)","6.5 (E:U/RL:O/RC:C)","Confluence is team collaboration software written in Java. Affected version: PLEASE FILL THE AFFECTED VERSIONS MANUALLY QID Detection Logic:(Unauthenticated) It checks for vulnerable version of Atlassian Confluence Server. QID Detection Logic(Authenticated): Operating System: (Windows) The QID checks for vulnerable versions of Confluence Server with registry path QID Detection Logic(Authenticated): Operating System: (Unix) The QID checks for vulnerable versions of Confluence Server advised by the vendor using install location","Successful exploitation of this vulnerability could lead to a security breach or affect confidentiality, integrity, and availability.","Customers are advised to refer to CONFSERVER-99568 (https://jira.atlassian.com/browse/CONFSERVER-99568) for updates pertaining to this vulnerability. Patch: Following are links for downloading patches to fix the vulnerabilities: CONFSERVER-99568 (https://jira.atlassian.com/browse/CONFSERVER-99568)",,,"Vulnerable Atlassian Confluence detected on port: 443 Printed by Atlassian Confluence 8.9.1 #","no","Open",,"CGI",,"No",,,,,,,,"[]",,,,,,,,,,,"15840097","69114947","35","333","2","333",,,,
"10.xx.xx.71","Global Default Network","qwiki.intranet.qualys.com",,,,"DNS",,"host scanned, found vuln","732543","Atlassian Confluence Server and Data Center Third-Party Dependency Vulnerability (CONFSERVER-99686)","New","Vuln","4","443","tcp",,,"06/02/2025 13:56:58","06/02/2025 13:56:58","1",,,,,"CVE-2025-31650","CONFSERVER-99686",,"4.2","5.4 (AV:A/AC:M/Au:M/C:N/I:C/A:P)","4.3 (E:POC/RL:OF/RC:C)","Asset Group: -, Collateral Damage Potential: -, Target Distribution: -, Confidentiality Requirement: -, Integrity Requirement: -, Availability Requirement: -","6.7","7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)","6.7 (E:P/RL:O/RC:C)","Confluence is team collaboration software written in Java. Affected version: PLEASE FILL THE AFFECTED VERSIONS MANUALLY QID Detection Logic:(Unauthenticated) It checks for vulnerable version of Atlassian Confluence Server. QID Detection Logic(Authenticated): Operating System: (Windows) The QID checks for vulnerable versions of Confluence Server with registry path QID Detection Logic(Authenticated): Operating System: (Unix) The QID checks for vulnerable versions of Confluence Server advised by the vendor using install location","Successful exploitation of this vulnerability could lead to a security breach or affect confidentiality, integrity, and availability.","Customers are advised to refer to CONFSERVER-99686 (https://jira.atlassian.com/browse/CONFSERVER-99686) for updates pertaining to this vulnerability. Patch: Following are links for downloading patches to fix the vulnerabilities: CONFSERVER-99686 (https://jira.atlassian.com/browse/CONFSERVER-99686)","Source: github-exploits Reference:CVE-2025-31650 Description:sattarbug/Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool exploit repository Link:https://github.com/sattarbug/Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool Reference:CVE-2025-31650 Description:assad12341/Dos-exploit- exploit repository Link:https://github.com/assad12341/Dos-exploit- Reference:CVE-2025-31650 Description:tunahantekeoglu/CVE-2025-31650 exploit repository Link:https://github.com/tunahantekeoglu/CVE-2025-31650 Reference:CVE-2025-31650 Description:absholi7ly/TomcatKiller-CVE-2025-31650 exploit repository Link:https://github.com/absholi7ly/TomcatKiller-CVE-2025-31650 Source: exploitdb Reference:CVE-2025-31650 Description:Apache Tomcat 10.1.39 - Denial of Service (DoS) Link:https://www.exploit-db.com/exploits/52318 Source: blogs Reference:CVE-2025-31650 Description:Apache Tomcat 10.1.39 - Denial of Service (DOS) Link:https://www.exploit-db.com/raw/52318",,"Vulnerable Atlassian Confluence detected on port: 443 Printed by Atlassian Confluence 8.9.1 #","no","Open",,"CGI",,"No",,,,,,,,"[]",,,,,,,,,,,"15840097","69114947","42","333","2","333",,,,
"10.44.201.71","Global Default Network","qwiki.intranet.qualys.com",,,,"DNS",,"host scanned, found vuln","732438","Atlassian Confluence Server and Data Center Denial of Service (DoS) Vulnerability (CONFSERVER-99540)","New","Vuln","4","443","tcp",,,"06/02/2025 13:56:58","06/02/2025 13:56:58","1",,,,,"CVE-2025-24970","CONFSERVER-99540",,"4","5.4 (AV:A/AC:M/Au:M/C:N/I:C/A:P)","4.0 (E:U/RL:OF/RC:C)","Asset Group: -, Collateral Damage Potential: -, Target Distribution: -, Confidentiality Requirement: -, Integrity Requirement: -, Availability Requirement: -","6.5","7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)","6.5 (E:U/RL:O/RC:C)","Confluence is team collaboration software written in Java. Affected version: All versions of Confluence Data Center and Server from 7.19 to 7.19.30 All versions of Confluence Data Center and Server from 7.20 to 7.20.3 All versions of Confluence Data Center and Server from 8.0 to 8.5.19 All versions of Confluence Data Center and Server from 8.6.0 to 8.6.2 All versions of Confluence Data Center and Server from 8.7.0 to 8.7.2 All versions of Confluence Data Center and Server from 8.8.0 to 8.8.1 All versions of Confluence Data Center and Server from 8.9.0 to 8.9.8 All versions of Confluence Data Center and Server from 9.0.0 to 9.0.3 All versions of Confluence Data Center and Server from 9.1.0 to 9.1.1 All versions of Confluence Data Center and Server from 9.2.0 to 9.2.1 All versions of Confluence Data Center and Server from 9.3.0 to 9.3.1 QID Detection Logic:(Unauthenticated) It checks for vulnerable version of Atlassian Confluence Server by hitting the GET request on ""login.action"" endpoint. QID Detection Logic(Authenticated): Operating System: (Windows) The QID checks for vulnerable versions of Confluence Server with registry path QID Detection Logic(Authenticated): Operating System: (Unix) The QID checks for vulnerable versions of Confluence Server advised by the vendor using install location","Successful exploitation of this vulnerability could lead to a security breach or affect confidentiality, integrity, and availability.","Customers are advised to refer to CONFSERVER-99540 (https://jira.atlassian.com/browse/CONFSERVER-99540) for updates pertaining to this vulnerability.
The following table depicts the information about the different versions of this API along with the status:
| API Version | EOS | EOL |
|---|---|---|
| /api/3.0/fo/report/ | Active | Active |
| /api/2.0/fo/report/ | December 2025 | June 2026 |