Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@7.0.41
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version7.0.41
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.0.47
Latest_non_vulnerable_version11.0.18
Affected_by_vulnerabilities
0
url VCID-q7g1-m4e7-pya4
vulnerability_id VCID-q7g1-m4e7-pya4
summary 
Insecure Default Initialization of Resource
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable `supportsCredentials` for all origins.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2469
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2469
1
reference_url https://access.redhat.com/errata/RHSA-2018:2470
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2470
2
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3768
3
reference_url https://access.redhat.com/errata/RHSA-2019:0450
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0450
4
reference_url https://access.redhat.com/errata/RHSA-2019:0451
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0451
5
reference_url https://access.redhat.com/errata/RHSA-2019:1529
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1529
6
reference_url https://access.redhat.com/errata/RHSA-2019:2205
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2205
7
reference_url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
25
reference_url https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
26
reference_url https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
27
reference_url https://seclists.org/bugtraq/2019/Dec/43
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Dec/43
28
reference_url https://security.netapp.com/advisory/ntap-20181018-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181018-0002/
29
reference_url https://usn.ubuntu.com/3665-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3665-1/
30
reference_url https://www.debian.org/security/2019/dsa-4596
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4596
31
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2020.html
32
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html
33
reference_url http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-8.html
34
reference_url http://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-9.html
35
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
36
reference_url http://www.securityfocus.com/bid/104203
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104203
37
reference_url http://www.securitytracker.com/id/1040998
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040998
38
reference_url http://www.securitytracker.com/id/1041888
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041888
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8014
reference_id CVE-2018-8014
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-8014
40
reference_url https://github.com/advisories/GHSA-r4x2-3cq5-hqvp
reference_id GHSA-r4x2-3cq5-hqvp
reference_type
scores
url https://github.com/advisories/GHSA-r4x2-3cq5-hqvp
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@7.0.90
purl pkg:maven/org.apache.tomcat/tomcat@7.0.90
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wmb3-3j7y-due7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.90
1
url pkg:maven/org.apache.tomcat/tomcat@8.0.53
purl pkg:maven/org.apache.tomcat/tomcat@8.0.53
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.53
2
url pkg:maven/org.apache.tomcat/tomcat@8.5.32
purl pkg:maven/org.apache.tomcat/tomcat@8.5.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.32
3
url pkg:maven/org.apache.tomcat/tomcat@9.0.10
purl pkg:maven/org.apache.tomcat/tomcat@9.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.10
aliases CVE-2018-8014, GHSA-r4x2-3cq5-hqvp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7g1-m4e7-pya4
1
url VCID-u95s-xhwk-vka6
vulnerability_id VCID-u95s-xhwk-vka6
summary 
Insufficient Verification of Data Authenticity
The CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1480618
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1480618
1
reference_url https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E
2
reference_url https://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-7.html
3
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-8.html
4
reference_url http://www.securityfocus.com/bid/100280
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100280
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7674
reference_id CVE-2017-7674
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7674
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@7.0.79
purl pkg:maven/org.apache.tomcat/tomcat@7.0.79
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q1cf-qg1v-3ybr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.79
1
url pkg:maven/org.apache.tomcat/tomcat@8.0.45
purl pkg:maven/org.apache.tomcat/tomcat@8.0.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q1cf-qg1v-3ybr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.45
2
url pkg:maven/org.apache.tomcat/tomcat@8.5.16
purl pkg:maven/org.apache.tomcat/tomcat@8.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q1cf-qg1v-3ybr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.16
3
url pkg:maven/org.apache.tomcat/tomcat@9.0.1
purl pkg:maven/org.apache.tomcat/tomcat@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q1cf-qg1v-3ybr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.1
aliases CVE-2017-7674
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u95s-xhwk-vka6
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.41