Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@3.3.2
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version3.3.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.0b7
Latest_non_vulnerable_version11.0.18
Affected_by_vulnerabilities
0
url VCID-6d5n-5df2-7fgs
vulnerability_id VCID-6d5n-5df2-7fgs
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
references
0
reference_url https://web.archive.org/web/20070824135030/http://securityreason.com/securityalert/2971
reference_id
reference_type
scores
url https://web.archive.org/web/20070824135030/http://securityreason.com/securityalert/2971
1
reference_url https://web.archive.org/web/20071117100258/http://securitytracker.com/alerts/2007/Aug/1018503.html
reference_id
reference_type
scores
url https://web.archive.org/web/20071117100258/http://securitytracker.com/alerts/2007/Aug/1018503.html
2
reference_url https://web.archive.org/web/20170323011513/http://www.securityfocus.com/bid/25174
reference_id
reference_type
scores
url https://web.archive.org/web/20170323011513/http://www.securityfocus.com/bid/25174
3
reference_url https://web.archive.org/web/20201207035111/http://www.securityfocus.com/archive/1/475321/100/0/threaded
reference_id
reference_type
scores
url https://web.archive.org/web/20201207035111/http://www.securityfocus.com/archive/1/475321/100/0/threaded
4
reference_url http://tomcat.apache.org/security-3.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-3.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3384
reference_id CVE-2007-3384
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2007-3384
6
reference_url https://github.com/advisories/GHSA-36hp-4x3g-phrg
reference_id GHSA-36hp-4x3g-phrg
reference_type
scores
url https://github.com/advisories/GHSA-36hp-4x3g-phrg
fixed_packages
aliases CVE-2007-3384, GHSA-36hp-4x3g-phrg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6d5n-5df2-7fgs
1
url VCID-qz87-x4zb-rud7
vulnerability_id VCID-qz87-x4zb-rud7
summary 
Exposure of Sensitive Information to an Unauthorized Actor
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
references
0
reference_url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
reference_id
reference_type
scores
url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
1
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
5
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
8
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
url http://support.apple.com/kb/HT2163
9
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
10
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html
11
reference_url http://www.debian.org/security/2008/dsa-1447
reference_id
reference_type
scores
url http://www.debian.org/security/2008/dsa-1447
12
reference_url http://www.debian.org/security/2008/dsa-1453
reference_id
reference_type
scores
url http://www.debian.org/security/2008/dsa-1453
13
reference_url http://www.redhat.com/support/errata/RHSA-2007-0871.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2007-0871.html
14
reference_url http://www.redhat.com/support/errata/RHSA-2007-0950.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2007-0950.html
15
reference_url http://www.redhat.com/support/errata/RHSA-2008-0195.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2008-0195.html
16
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3382
reference_id CVE-2007-3382
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2007-3382
18
reference_url https://github.com/advisories/GHSA-qff8-g48j-pwpw
reference_id GHSA-qff8-g48j-pwpw
reference_type
scores
url https://github.com/advisories/GHSA-qff8-g48j-pwpw
fixed_packages
aliases CVE-2007-3382, GHSA-qff8-g48j-pwpw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qz87-x4zb-rud7
Fixing_vulnerabilities
0
url VCID-w9cc-qjyx-v7b3
vulnerability_id VCID-w9cc-qjyx-v7b3
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
references
0
reference_url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
reference_id
reference_type
scores
url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
1
reference_url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
reference_id
reference_type
scores
url http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
2
reference_url http://secunia.com/advisories/7972
reference_id
reference_type
scores
url http://secunia.com/advisories/7972
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
4
reference_url http://www.ciac.org/ciac/bulletins/n-060.shtml
reference_id
reference_type
scores
url http://www.ciac.org/ciac/bulletins/n-060.shtml
5
reference_url http://www.debian.org/security/2003/dsa-246
reference_id
reference_type
scores
url http://www.debian.org/security/2003/dsa-246
6
reference_url http://www.osvdb.org/9203
reference_id
reference_type
scores
url http://www.osvdb.org/9203
7
reference_url http://www.osvdb.org/9204
reference_id
reference_type
scores
url http://www.osvdb.org/9204
8
reference_url http://www.securityfocus.com/advisories/5111
reference_id
reference_type
scores
url http://www.securityfocus.com/advisories/5111
9
reference_url http://www.securityfocus.com/bid/6720
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/6720
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2003-0044
reference_id CVE-2003-0044
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2003-0044
11
reference_url https://github.com/advisories/GHSA-5hgm-qm5m-5vmw
reference_id GHSA-5hgm-qm5m-5vmw
reference_type
scores
url https://github.com/advisories/GHSA-5hgm-qm5m-5vmw
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@3.3.2
purl pkg:maven/org.apache.tomcat/tomcat@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6d5n-5df2-7fgs
1
vulnerability VCID-qz87-x4zb-rud7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.3.2
aliases CVE-2003-0044, GHSA-5hgm-qm5m-5vmw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9cc-qjyx-v7b3
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.3.2