Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M8

Type maven

Namespace org.apache.tomcat

Name tomcat-catalina

Version 9.0.0.M8

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 9.0.0.M10

Latest_non_vulnerable_version 11.0.15

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-qthw-u9bp-zkdp

vulnerability_id VCID-qthw-u9bp-zkdp

summary

Denial of Service
The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

references

reference_url	http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E
reference_id
reference_type
scores
url	http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1349475
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1349475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

reference_url	http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/RELEASE-NOTES.txt?r1=1745717&r2=1749637&diff_format=h
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/RELEASE-NOTES.txt?r1=1745717&r2=1749637&diff_format=h

reference_url	http://tomcat.apache.org/security.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security.html

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.70

purl pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7fh9-36qs-jfg5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.70

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.36

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.36

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-jzta-navk-87bn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.36

url	pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.3
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.3

url	pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M8
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M8

aliases CVE-2016-3092

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qthw-u9bp-zkdp

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M8

Package Instance