Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apache/tomcat@6.0.8
Typeapache
Namespace
Nametomcat
Version6.0.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.11
Latest_non_vulnerable_version11.0.21
Affected_by_vulnerabilities
0
url VCID-qdck-q54n-rkcv
vulnerability_id VCID-qdck-q54n-rkcv
summary The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0128.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-0128
reference_id
reference_type
scores
0
value 0.03858
scoring_system epss
scoring_elements 0.88224
published_at 2026-04-21T12:55:00Z
1
value 0.03858
scoring_system epss
scoring_elements 0.88153
published_at 2026-04-01T12:55:00Z
2
value 0.03858
scoring_system epss
scoring_elements 0.88162
published_at 2026-04-02T12:55:00Z
3
value 0.03858
scoring_system epss
scoring_elements 0.88178
published_at 2026-04-04T12:55:00Z
4
value 0.03858
scoring_system epss
scoring_elements 0.88184
published_at 2026-04-07T12:55:00Z
5
value 0.03858
scoring_system epss
scoring_elements 0.88203
published_at 2026-04-08T12:55:00Z
6
value 0.03858
scoring_system epss
scoring_elements 0.88209
published_at 2026-04-09T12:55:00Z
7
value 0.03858
scoring_system epss
scoring_elements 0.8822
published_at 2026-04-11T12:55:00Z
8
value 0.03858
scoring_system epss
scoring_elements 0.88213
published_at 2026-04-12T12:55:00Z
9
value 0.03858
scoring_system epss
scoring_elements 0.88212
published_at 2026-04-13T12:55:00Z
10
value 0.03858
scoring_system epss
scoring_elements 0.88226
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-0128
2
reference_url https://svn.apache.org/viewvc?view=rev&rev=684900
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=684900
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=429821
reference_id 429821
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=429821
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
reference_id CVE-2008-0128
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
5
reference_url https://access.redhat.com/errata/RHSA-2008:0630
reference_id RHSA-2008:0630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0630
fixed_packages
0
url pkg:apache/tomcat@6.0.9
purl pkg:apache/tomcat@6.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87p8-zvvf-y7dm
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.9
aliases CVE-2008-0128
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdck-q54n-rkcv
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.8