Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apache/tomcat@7.0.109

Type apache

Namespace

Name tomcat

Version 7.0.109

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 8.0.0-RC10

Latest_non_vulnerable_version 11.0.21

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-kwab-3s4q-eka4

vulnerability_id VCID-kwab-3s4q-eka4

summary A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30640.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30640

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.3005
published_at	2026-04-21T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30095
published_at	2026-04-18T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30113
published_at	2026-04-16T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30098
published_at	2026-04-13T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30148
published_at	2026-04-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30191
published_at	2026-04-11T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30188
published_at	2026-04-09T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30152
published_at	2026-04-08T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30093
published_at	2026-04-07T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30275
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30226
published_at	2026-04-02T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30195
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30640

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100

reference_url	https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/17208c645d68d2af1444ee8c64f36a9b8f0ba76f

reference_url	https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c

reference_url	https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0

reference_url	https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945

reference_url	https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/4e61e1d625a4a64d6b775e3a03c77a0b100d56d7

reference_url	https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe

reference_url	https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38

reference_url	https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434

reference_url	https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b

reference_url	https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/81f16b0a7186ed02efbfac336589d6cff28d1e89

reference_url	https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56

reference_url	https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375

reference_url	https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43

reference_url	https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/b930d0b3161d9ec78d5fa57f886ed2de4680518b

reference_url	https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/bd4d1fbe9146dff4714130594afd668406a6a5ef

reference_url	https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb

reference_url	https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e

reference_url	https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822

reference_url	https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972

reference_url	https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/d5303a506c7533803d2b3bc46e6120ce673a6667

reference_url	https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e21eb4764ccda55e5a35a5a7c19a6fd2b0757fe9

reference_url	https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862

reference_url	https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/eeb7351219bd8803c0053e1e80444664a7cf5b51

reference_url	https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/f4d9bdef53ec009b7717620d890465fa273721a6

reference_url

https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html

reference_url

https://security.gentoo.org/glsa/202208-34

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202208-34

reference_url

https://security.netapp.com/advisory/ntap-20210827-0007

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210827-0007

reference_url	https://security.netapp.com/advisory/ntap-20210827-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210827-0007/

reference_url

https://www.debian.org/security/2021/dsa-4952

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4952

reference_url

https://www.debian.org/security/2021/dsa-4986

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4986

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1981544
reference_id	1981544
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1981544

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046
reference_id	991046
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991046

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640

reference_id

CVE-2021-30640

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-30640

reference_id

CVE-2021-30640

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-30640

reference_url

https://github.com/advisories/GHSA-36qh-35cm-5w2w

reference_id

GHSA-36qh-35cm-5w2w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-36qh-35cm-5w2w

reference_url	https://access.redhat.com/errata/RHSA-2021:4861
reference_id	RHSA-2021:4861
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4861

reference_url	https://access.redhat.com/errata/RHSA-2021:4863
reference_id	RHSA-2021:4863
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4863

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://usn.ubuntu.com/5360-1/
reference_id	USN-5360-1
reference_type
scores
url	https://usn.ubuntu.com/5360-1/

fixed_packages

url	pkg:apache/tomcat@7.0.109
purl	pkg:apache/tomcat@7.0.109
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.109

url pkg:apache/tomcat@8.5.66

purl pkg:apache/tomcat@8.5.66

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-885s-t4dx-dybv

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.66

url pkg:apache/tomcat@9.0.46

purl pkg:apache/tomcat@9.0.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-885s-t4dx-dybv

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.46

url pkg:apache/tomcat@10.0.6

purl pkg:apache/tomcat@10.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-885s-t4dx-dybv

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.0.6

aliases CVE-2021-30640, GHSA-36qh-35cm-5w2w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwab-3s4q-eka4

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.109

Package Instance