Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.51

Type maven

Namespace org.apache.tomcat.embed

Name tomcat-embed-core

Version 7.0.51

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.0.72

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

url VCID-gmjm-6ck2-skgu

vulnerability_id VCID-gmjm-6ck2-skgu

summary

Improper Handling of Exceptional Conditions
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. The Default Servlet in Apache Tomcat does not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

references

reference_url	https://access.redhat.com/errata/RHSA-2017:1801
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1801

reference_url	https://access.redhat.com/errata/RHSA-2017:1802
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1802

reference_url	https://access.redhat.com/errata/RHSA-2017:1809
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1809

reference_url	https://access.redhat.com/errata/RHSA-2017:2493
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2493

reference_url	https://access.redhat.com/errata/RHSA-2017:2494
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2494

reference_url	https://access.redhat.com/errata/RHSA-2017:2633
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2633

reference_url	https://access.redhat.com/errata/RHSA-2017:2635
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2635

reference_url	https://access.redhat.com/errata/RHSA-2017:2636
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2636

reference_url	https://access.redhat.com/errata/RHSA-2017:2637
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2637

reference_url	https://access.redhat.com/errata/RHSA-2017:2638
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2638

reference_url	https://access.redhat.com/errata/RHSA-2017:3080
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3080

reference_url	https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://security.netapp.com/advisory/ntap-20171019-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20171019-0002/

reference_url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us
reference_id
reference_type
scores
url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	http://www.debian.org/security/2017/dsa-3891
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3891

reference_url	http://www.debian.org/security/2017/dsa-3892
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3892

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_url	http://www.securityfocus.com/bid/98888
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/98888

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-5664
reference_id	CVE-2017-5664
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-5664

reference_url	https://github.com/advisories/GHSA-jmvv-524f-hj5j
reference_id	GHSA-jmvv-524f-hj5j
reference_type
scores
url	https://github.com/advisories/GHSA-jmvv-524f-hj5j

fixed_packages

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.52

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.52

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-xa95-zsnk-3kg9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.52

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.78
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.78
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.78

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.8
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.8

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.44
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.44
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.44

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.15

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dast-z2hv-2yfe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.15

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1

aliases CVE-2017-5664, GHSA-jmvv-524f-hj5j

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmjm-6ck2-skgu

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.51

Package Instance