Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apache/tomcat@6.0.9
Typeapache
Namespace
Nametomcat
Version6.0.9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.11
Latest_non_vulnerable_version11.0.21
Affected_by_vulnerabilities
0
url VCID-87p8-zvvf-y7dm
vulnerability_id VCID-87p8-zvvf-y7dm
summary Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
references
0
reference_url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
reference_id
reference_type
scores
url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
1
reference_url http://docs.info.apple.com/article.html?artnum=306172
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://docs.info.apple.com/article.html?artnum=306172
2
reference_url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
reference_id
reference_type
scores
url http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
3
reference_url http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
4
reference_url http://lists.vmware.com/pipermail/security-announce/2008/000003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.vmware.com/pipermail/security-announce/2008/000003.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0450.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-0450
reference_id
reference_type
scores
0
value 0.91133
scoring_system epss
scoring_elements 0.99647
published_at 2026-04-16T12:55:00Z
1
value 0.91133
scoring_system epss
scoring_elements 0.99646
published_at 2026-04-13T12:55:00Z
2
value 0.91133
scoring_system epss
scoring_elements 0.99645
published_at 2026-04-11T12:55:00Z
3
value 0.91133
scoring_system epss
scoring_elements 0.99644
published_at 2026-04-07T12:55:00Z
4
value 0.91133
scoring_system epss
scoring_elements 0.99642
published_at 2026-04-02T12:55:00Z
5
value 0.91133
scoring_system epss
scoring_elements 0.99643
published_at 2026-04-04T12:55:00Z
6
value 0.91133
scoring_system epss
scoring_elements 0.99649
published_at 2026-04-21T12:55:00Z
7
value 0.91133
scoring_system epss
scoring_elements 0.99648
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-0450
7
reference_url http://secunia.com/advisories/24732
reference_id
reference_type
scores
url http://secunia.com/advisories/24732
8
reference_url http://secunia.com/advisories/25106
reference_id
reference_type
scores
url http://secunia.com/advisories/25106
9
reference_url http://secunia.com/advisories/25280
reference_id
reference_type
scores
url http://secunia.com/advisories/25280
10
reference_url http://secunia.com/advisories/26235
reference_id
reference_type
scores
url http://secunia.com/advisories/26235
11
reference_url http://secunia.com/advisories/26660
reference_id
reference_type
scores
url http://secunia.com/advisories/26660
12
reference_url http://secunia.com/advisories/27037
reference_id
reference_type
scores
url http://secunia.com/advisories/27037
13
reference_url http://secunia.com/advisories/28365
reference_id
reference_type
scores
url http://secunia.com/advisories/28365
14
reference_url http://secunia.com/advisories/30899
reference_id
reference_type
scores
url http://secunia.com/advisories/30899
15
reference_url http://secunia.com/advisories/30908
reference_id
reference_type
scores
url http://secunia.com/advisories/30908
16
reference_url http://secunia.com/advisories/33668
reference_id
reference_type
scores
url http://secunia.com/advisories/33668
17
reference_url http://security.gentoo.org/glsa/glsa-200705-03.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200705-03.xml
18
reference_url http://securityreason.com/securityalert/2446
reference_id
reference_type
scores
url http://securityreason.com/securityalert/2446
19
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/32988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/32988
20
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
21
reference_url https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6
22
reference_url https://github.com/apache/tomcat/commit/1735d7f55094c3775c7d94e4f8568336dbe1a738
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/1735d7f55094c3775c7d94e4f8568336dbe1a738
23
reference_url https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f
24
reference_url https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793
25
reference_url https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
43
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-0450
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-0450
44
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643
reference_id
reference_type
scores
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643
45
reference_url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
reference_id
reference_type
scores
url http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
46
reference_url http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
reference_id
reference_type
scores
url http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
47
reference_url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
reference_id
reference_type
scores
url http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
48
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
49
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-5.html
50
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-6.html
51
reference_url http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html
reference_id
reference_type
scores
url http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html
52
reference_url http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
53
reference_url http://www.novell.com/linux/security/advisories/2007_15_sr.html
reference_id
reference_type
scores
url http://www.novell.com/linux/security/advisories/2007_15_sr.html
54
reference_url http://www.novell.com/linux/security/advisories/2007_5_sr.html
reference_id
reference_type
scores
url http://www.novell.com/linux/security/advisories/2007_5_sr.html
55
reference_url http://www.redhat.com/support/errata/RHSA-2007-0327.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0327.html
56
reference_url http://www.redhat.com/support/errata/RHSA-2007-0360.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2007-0360.html
57
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
58
reference_url http://www.sec-consult.com/287.html
reference_id
reference_type
scores
url http://www.sec-consult.com/287.html
59
reference_url http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt
reference_id
reference_type
scores
url http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt
60
reference_url http://www.securityfocus.com/archive/1/462791/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/462791/100/0/threaded
61
reference_url http://www.securityfocus.com/archive/1/485938/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/485938/100/0/threaded
62
reference_url http://www.securityfocus.com/archive/1/500396/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/500396/100/0/threaded
63
reference_url http://www.securityfocus.com/archive/1/500412/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/500412/100/0/threaded
64
reference_url http://www.securityfocus.com/bid/22960
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/22960
65
reference_url http://www.securityfocus.com/bid/25159
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/25159
66
reference_url http://www.vupen.com/english/advisories/2007/0975
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2007/0975
67
reference_url http://www.vupen.com/english/advisories/2007/2732
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2007/2732
68
reference_url http://www.vupen.com/english/advisories/2007/3087
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2007/3087
69
reference_url http://www.vupen.com/english/advisories/2007/3386
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2007/3386
70
reference_url http://www.vupen.com/english/advisories/2008/0065
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/0065
71
reference_url http://www.vupen.com/english/advisories/2008/1979/references
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/1979/references
72
reference_url http://www.vupen.com/english/advisories/2009/0233
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/0233
73
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=237080
reference_id 237080
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=237080
74
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
75
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
76
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
reference_id CVE-2007-0450
reference_type
scores
0
value Important
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
77
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29739.txt
reference_id CVE-2007-0450;OSVDB-34769
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29739.txt
78
reference_url https://www.securityfocus.com/bid/22960/info
reference_id CVE-2007-0450;OSVDB-34769
reference_type exploit
scores
url https://www.securityfocus.com/bid/22960/info
79
reference_url https://github.com/advisories/GHSA-4prh-gqw8-rgh5
reference_id GHSA-4prh-gqw8-rgh5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4prh-gqw8-rgh5
80
reference_url https://security.gentoo.org/glsa/200705-03
reference_id GLSA-200705-03
reference_type
scores
url https://security.gentoo.org/glsa/200705-03
81
reference_url https://access.redhat.com/errata/RHSA-2007:0360
reference_id RHSA-2007:0360
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:0360
82
reference_url https://access.redhat.com/errata/RHSA-2007:1069
reference_id RHSA-2007:1069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2007:1069
fixed_packages
0
url pkg:apache/tomcat@6.0.10
purl pkg:apache/tomcat@6.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27q8-96un-9fbk
1
vulnerability VCID-6epr-2hbd-skcz
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.10
aliases CVE-2007-0450, GHSA-4prh-gqw8-rgh5
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87p8-zvvf-y7dm
Fixing_vulnerabilities
0
url VCID-qdck-q54n-rkcv
vulnerability_id VCID-qdck-q54n-rkcv
summary The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-0128
reference_id
reference_type
scores
0
value 0.03858
scoring_system epss
scoring_elements 0.88224
published_at 2026-04-21T12:55:00Z
1
value 0.03858
scoring_system epss
scoring_elements 0.88153
published_at 2026-04-01T12:55:00Z
2
value 0.03858
scoring_system epss
scoring_elements 0.88162
published_at 2026-04-02T12:55:00Z
3
value 0.03858
scoring_system epss
scoring_elements 0.88178
published_at 2026-04-04T12:55:00Z
4
value 0.03858
scoring_system epss
scoring_elements 0.88184
published_at 2026-04-07T12:55:00Z
5
value 0.03858
scoring_system epss
scoring_elements 0.88203
published_at 2026-04-08T12:55:00Z
6
value 0.03858
scoring_system epss
scoring_elements 0.88209
published_at 2026-04-09T12:55:00Z
7
value 0.03858
scoring_system epss
scoring_elements 0.8822
published_at 2026-04-11T12:55:00Z
8
value 0.03858
scoring_system epss
scoring_elements 0.88213
published_at 2026-04-12T12:55:00Z
9
value 0.03858
scoring_system epss
scoring_elements 0.88212
published_at 2026-04-13T12:55:00Z
10
value 0.03858
scoring_system epss
scoring_elements 0.88226
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-0128
2
reference_url https://svn.apache.org/viewvc?view=rev&rev=684900
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=684900
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=429821
reference_id 429821
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=429821
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
reference_id CVE-2008-0128
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
5
reference_url https://access.redhat.com/errata/RHSA-2008:0630
reference_id RHSA-2008:0630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0630
fixed_packages
0
url pkg:apache/tomcat@4.1.39
purl pkg:apache/tomcat@4.1.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4rcx-xfn5-7kdb
1
vulnerability VCID-bung-pa58-ayfv
2
vulnerability VCID-dcrp-rae1-zfcm
3
vulnerability VCID-mnf8-t3ew-4fgb
4
vulnerability VCID-r84b-7ay9-ekcm
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.1.39
1
url pkg:apache/tomcat@5.5.21
purl pkg:apache/tomcat@5.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87p8-zvvf-y7dm
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.21
2
url pkg:apache/tomcat@6.0.9
purl pkg:apache/tomcat@6.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87p8-zvvf-y7dm
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.9
aliases CVE-2008-0128
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdck-q54n-rkcv
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.9