Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6

Type maven

Namespace org.apache.tomcat.embed

Name tomcat-embed-core

Version 10.0.6

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 10.0.21

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-dk58-p9py-rka9

vulnerability_id VCID-dk58-p9py-rka9

summary

Improper Authentication
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the `LockOut Realm`.

references

reference_url	https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-30640
reference_id	CVE-2021-30640
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-30640

fixed_packages

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.109
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.109
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.109

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6

aliases CVE-2021-30640

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dk58-p9py-rka9

url VCID-jhm9-cqu3-7yce

vulnerability_id VCID-jhm9-cqu3-7yce

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Apache Tomcat does not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.

references

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10366
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10366

reference_url	https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b@%3Ccommits.tomee.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b@%3Ccommits.tomee.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262@%3Ccommits.tomee.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262@%3Ccommits.tomee.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37@%3Ccommits.tomee.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37@%3Ccommits.tomee.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2@%3Ccommits.tomee.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2@%3Ccommits.tomee.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7@%3Ccommits.tomee.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7@%3Ccommits.tomee.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97@%3Ccommits.tomee.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97@%3Ccommits.tomee.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html

reference_url	https://security.netapp.com/advisory/ntap-20210827-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210827-0007/

reference_url	https://www.debian.org/security/2021/dsa-4952
reference_id
reference_type
scores
url	https://www.debian.org/security/2021/dsa-4952

reference_url	https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2022.html

reference_url	https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url	https://www.oracle.com//security-alerts/cpujul2021.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-33037
reference_id	CVE-2021-33037
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-33037

reference_url	https://github.com/advisories/GHSA-4vww-mc66-62m6
reference_id	GHSA-4vww-mc66-62m6
reference_type
scores
url	https://github.com/advisories/GHSA-4vww-mc66-62m6

fixed_packages

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6

aliases CVE-2021-33037, GHSA-4vww-mc66-62m6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhm9-cqu3-7yce

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6

Package Instance