Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/61616?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/61616?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.0", "type": "maven", "namespace": "org.apache.tomcat", "name": "tomcat", "version": "4.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.1.3-beta", "latest_non_vulnerable_version": "11.0.18", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43131?format=api", "vulnerability_id": "VCID-2af1-rv9j-jugv", "summary": "Cross-site scripting in Apache Tomcat\nCross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0326", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0524" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2006-7196", "reference_id": "CVE-2006-7196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2006-7196" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196", "reference_id": "CVE-2006-7196", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196" }, { "reference_url": "https://github.com/advisories/GHSA-pm78-wxxf-fw98", "reference_id": "GHSA-pm78-wxxf-fw98", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pm78-wxxf-fw98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61735?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4wj8-en12-uuch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/61736?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.0.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.0.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/61737?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.16" } ], "aliases": [ "CVE-2006-7196", "GHSA-pm78-wxxf-fw98" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2af1-rv9j-jugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43164?format=api", "vulnerability_id": "VCID-2jws-wtvg-2khf", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", "references": [ { "reference_url": "http://docs.info.apple.com/article.html?artnum=306172", "reference_id": "", "reference_type": "", "scores": [], "url": "http://docs.info.apple.com/article.html?artnum=306172" }, { "reference_url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", "reference_id": "CVE-2007-1358", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358" }, { "reference_url": "https://github.com/advisories/GHSA-xmc9-6p56-3c4v", "reference_id": "GHSA-xmc9-6p56-3c4v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xmc9-6p56-3c4v" } ], "fixed_packages": [], "aliases": [ "CVE-2007-1358", "GHSA-xmc9-6p56-3c4v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2jws-wtvg-2khf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43065?format=api", "vulnerability_id": "VCID-5jm8-9upn-g7f4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.", "references": [ { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>" }, { "reference_url": "https://web.archive.org/web/20041213160616/http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20041213160616/http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1567", "reference_id": "CVE-2002-1567", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1567" }, { "reference_url": "https://github.com/advisories/GHSA-86fp-jgwm-wgj5", "reference_id": "GHSA-86fp-jgwm-wgj5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-86fp-jgwm-wgj5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61634?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.29", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.29" } ], "aliases": [ "CVE-2002-1567", "GHSA-86fp-jgwm-wgj5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jm8-9upn-g7f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43910?format=api", "vulnerability_id": "VCID-7787-4bwm-efgq", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN63832775/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvn.jp/en/jp/JVN63832775/index.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2207", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2011/dsa-2207" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "reference_id": "CVE-2008-5515", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" }, { "reference_url": "https://github.com/advisories/GHSA-9737-qmgc-hfr9", "reference_id": "GHSA-9737-qmgc-hfr9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9737-qmgc-hfr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61729?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w632-npc7-h7hs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/61837?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9j31-459b-4qbm" }, { "vulnerability": "VCID-eawm-8v9w-yfap" }, { "vulnerability": "VCID-y9yv-u4jh-mqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/61838?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9j31-459b-4qbm" }, { "vulnerability": "VCID-eawm-8v9w-yfap" }, { "vulnerability": "VCID-y9yv-u4jh-mqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.20" } ], "aliases": [ "CVE-2008-5515", "GHSA-9737-qmgc-hfr9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7787-4bwm-efgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43138?format=api", "vulnerability_id": "VCID-96yu-fvee-wfbs", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThe AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \"unsuitable request body data\" is used for a different request, possibly related to Java Servlet pages.", "references": [ { "reference_url": "http://jvn.jp/jp/JVN%2379314822/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvn.jp/jp/JVN%2379314822/index.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "https://web.archive.org/web/20051215074217/http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20051215074217/http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html" }, { "reference_url": "https://web.archive.org/web/20081202183445/http://www.securityfocus.com/bid/15003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20081202183445/http://www.securityfocus.com/bid/15003" }, { "reference_url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3164", "reference_id": "CVE-2005-3164", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3164" }, { "reference_url": "https://github.com/advisories/GHSA-qhqv-q4xg-f6g7", "reference_id": "GHSA-qhqv-q4xg-f6g7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qhqv-q4xg-f6g7" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3164", "GHSA-qhqv-q4xg-f6g7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96yu-fvee-wfbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43060?format=api", "vulnerability_id": "VCID-ccfn-tde4-s7hr", "summary": "Apache Tomcat Source Code Disclosure\nThe default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=103288242014253&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=103288242014253&w=2" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>" }, { "reference_url": "https://web.archive.org/web/20021027204137/http://www.iss.net/security_center/static/10175.php", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20021027204137/http://www.iss.net/security_center/static/10175.php" }, { "reference_url": "https://web.archive.org/web/20030113141130/http://online.securityfocus.com/advisories/4758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20030113141130/http://online.securityfocus.com/advisories/4758" }, { "reference_url": "https://web.archive.org/web/20030710185447/http://www.securityfocus.com/bid/5786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20030710185447/http://www.securityfocus.com/bid/5786" }, { "reference_url": "https://web.archive.org/web/20040814165854/http://rhn.redhat.com/errata/RHSA-2002-217.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20040814165854/http://rhn.redhat.com/errata/RHSA-2002-217.html" }, { "reference_url": "https://web.archive.org/web/20040817035804/http://rhn.redhat.com/errata/RHSA-2002-218.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20040817035804/http://rhn.redhat.com/errata/RHSA-2002-218.html" }, { "reference_url": "https://web.archive.org/web/20070430075037/http://www.debian.org/security/2002/dsa-170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20070430075037/http://www.debian.org/security/2002/dsa-170" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1148", "reference_id": "CVE-2002-1148", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1148" }, { "reference_url": "https://github.com/advisories/GHSA-jxcv-v856-j5vg", "reference_id": "GHSA-jxcv-v856-j5vg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jxcv-v856-j5vg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61627?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aywp-amq3-yyes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.12" } ], "aliases": [ "CVE-2002-1148", "GHSA-jxcv-v856-j5vg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccfn-tde4-s7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43223?format=api", "vulnerability_id": "VCID-crhe-rt8j-wycu", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "reference_id": "CVE-2009-0580", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" }, { "reference_url": "https://github.com/advisories/GHSA-w227-xcfx-3pj8", "reference_id": "GHSA-w227-xcfx-3pj8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w227-xcfx-3pj8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61729?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w632-npc7-h7hs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/61837?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9j31-459b-4qbm" }, { "vulnerability": "VCID-eawm-8v9w-yfap" }, { "vulnerability": "VCID-y9yv-u4jh-mqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/61897?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.19" } ], "aliases": [ "CVE-2009-0580", "GHSA-w227-xcfx-3pj8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-crhe-rt8j-wycu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43200?format=api", "vulnerability_id": "VCID-eygg-nt7y-qubh", "summary": "Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "references": [ { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195" }, { "reference_url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936" }, { "reference_url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "reference_id": "CVE-2009-0783", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" }, { "reference_url": "https://github.com/advisories/GHSA-hhjg-g8xq-hhr3", "reference_id": "GHSA-hhjg-g8xq-hhr3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hhjg-g8xq-hhr3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61838?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9j31-459b-4qbm" }, { "vulnerability": "VCID-eawm-8v9w-yfap" }, { "vulnerability": "VCID-y9yv-u4jh-mqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.20" } ], "aliases": [ "CVE-2009-0783", "GHSA-hhjg-g8xq-hhr3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eygg-nt7y-qubh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43214?format=api", "vulnerability_id": "VCID-hmqa-jhuf-hfe2", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\"", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49213" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2207", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2011/dsa-2207" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781", "reference_id": "CVE-2009-0781", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781" }, { "reference_url": "https://github.com/advisories/GHSA-j788-fx57-99wp", "reference_id": "GHSA-j788-fx57-99wp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j788-fx57-99wp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61838?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9j31-459b-4qbm" }, { "vulnerability": "VCID-eawm-8v9w-yfap" }, { "vulnerability": "VCID-y9yv-u4jh-mqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.20" } ], "aliases": [ "CVE-2009-0781", "GHSA-j788-fx57-99wp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmqa-jhuf-hfe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43146?format=api", "vulnerability_id": "VCID-kxc3-vz2c-wqca", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nAbsolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", "references": [ { "reference_url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html" }, { "reference_url": "http://issues.apache.org/jira/browse/GERONIMO-3549", "reference_id": "", "reference_type": "", "scores": [], "url": "http://issues.apache.org/jira/browse/GERONIMO-3549" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "reference_url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "http://marc.info/?l=full-disclosure&m=119239530508382", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=full-disclosure&m=119239530508382" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200804-10.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "http://support.apple.com/kb/HT3216", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT3216" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1447", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1447" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1453", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1453" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", "reference_id": "CVE-2007-5461", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461" }, { "reference_url": "https://github.com/advisories/GHSA-v5p2-vg3c-pmrr", "reference_id": "GHSA-v5p2-vg3c-pmrr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v5p2-vg3c-pmrr" } ], "fixed_packages": [], "aliases": [ "CVE-2007-5461", "GHSA-v5p2-vg3c-pmrr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxc3-vz2c-wqca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43112?format=api", "vulnerability_id": "VCID-qz87-x4zb-rud7", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nApache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"'\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", "references": [ { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", "reference_id": "", "reference_type": "", "scores": [], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36006" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1447", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1447" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1453", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1453" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0871.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2007-0871.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2007-0950.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2007-0950.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", "reference_id": "CVE-2007-3382", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382" }, { "reference_url": "https://github.com/advisories/GHSA-qff8-g48j-pwpw", "reference_id": "GHSA-qff8-g48j-pwpw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qff8-g48j-pwpw" } ], "fixed_packages": [], "aliases": [ "CVE-2007-3382", "GHSA-qff8-g48j-pwpw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qz87-x4zb-rud7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43225?format=api", "vulnerability_id": "VCID-rdr4-db3y-p3cz", "summary": "Improper Input Validation\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN87272440/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvn.jp/en/jp/JVN87272440/index.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" }, { "reference_url": "http://securitytracker.com/id?1022331", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1022331" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50928" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "http://svn.apache.org/viewvc?rev=742915&view=rev", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc?rev=742915&view=rev" }, { "reference_url": "http://svn.apache.org/viewvc?rev=781362&view=rev", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc?rev=781362&view=rev" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2207", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2011/dsa-2207" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "reference_url": "http://www.securityfocus.com/archive/1/504044/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/504044/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/35193", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/35193" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "reference_id": "CVE-2009-0033", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" }, { "reference_url": "https://github.com/advisories/GHSA-5cw4-ggx9-36vg", "reference_id": "GHSA-5cw4-ggx9-36vg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5cw4-ggx9-36vg" } ], "fixed_packages": [], "aliases": [ "CVE-2009-0033", "GHSA-5cw4-ggx9-36vg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdr4-db3y-p3cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43173?format=api", "vulnerability_id": "VCID-sjn3-a6fs-gyck", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" }, { "reference_url": "http://seclists.org/fulldisclosure/2007/Jul/0448.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2007/Jul/0448.html" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35536" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://support.apple.com/kb/HT2163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT2163" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://www.kb.cert.org/vuls/id/862600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.kb.cert.org/vuls/id/862600" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3383", "reference_id": "CVE-2007-3383", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3383" }, { "reference_url": "https://github.com/advisories/GHSA-wjwr-3jch-479j", "reference_id": "GHSA-wjwr-3jch-479j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wjwr-3jch-479j" } ], "fixed_packages": [], "aliases": [ "CVE-2007-3383", "GHSA-wjwr-3jch-479j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sjn3-a6fs-gyck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43184?format=api", "vulnerability_id": "VCID-t4mh-zvhq-27du", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nApache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876" }, { "reference_url": "http://support.apple.com/kb/HT3216", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT3216" }, { "reference_url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { "reference_url": "https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099" }, { "reference_url": "https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381" }, { "reference_url": "https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639" }, { "reference_url": "https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891" }, { "reference_url": "https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120" }, { "reference_url": "https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982" }, { "reference_url": "https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266" }, { "reference_url": "https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222" }, { "reference_url": "https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797" }, { "reference_url": "https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999" }, { "reference_url": "https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379" }, { "reference_url": "https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013" }, { "reference_url": "https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865" }, { "reference_url": "https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393" }, { "reference_url": "https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249" }, { "reference_url": "https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460" }, { "reference_url": "https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623" }, { "reference_url": "https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494" }, { "reference_url": "https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681" }, { "reference_url": "https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126" }, { "reference_url": "https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", "reference_id": "CVE-2008-2370", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370" }, { "reference_url": "https://github.com/advisories/GHSA-m8h8-6rvg-f4mg", "reference_id": "GHSA-m8h8-6rvg-f4mg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m8h8-6rvg-f4mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61693?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.38", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.38" }, { "url": "http://public2.vulnerablecode.io/api/packages/61694?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-eygg-nt7y-qubh" }, { "vulnerability": "VCID-hmqa-jhuf-hfe2" }, { "vulnerability": "VCID-rdr4-db3y-p3cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/61799?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmqa-jhuf-hfe2" }, { "vulnerability": "VCID-rdr4-db3y-p3cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.18" } ], "aliases": [ "CVE-2008-2370", "GHSA-m8h8-6rvg-f4mg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4mh-zvhq-27du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43101?format=api", "vulnerability_id": "VCID-wg7f-pjmn-uudk", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", "references": [ { "reference_url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", "reference_id": "", "reference_type": "", "scores": [], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0648", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0602" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "reference_url": "http://secunia.com/advisories/31379", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31379" }, { "reference_url": "http://secunia.com/advisories/31381", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31381" }, { "reference_url": "http://secunia.com/advisories/31639", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31639" }, { "reference_url": "http://secunia.com/advisories/31865", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31865" }, { "reference_url": "http://secunia.com/advisories/31891", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31891" }, { "reference_url": "http://secunia.com/advisories/31982", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31982" }, { "reference_url": "http://secunia.com/advisories/32120", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32120" }, { "reference_url": "http://secunia.com/advisories/32222", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32222" }, { "reference_url": "http://secunia.com/advisories/32266", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32266" }, { "reference_url": "http://secunia.com/advisories/33797", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33797" }, { "reference_url": "http://secunia.com/advisories/33999", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33999" }, { "reference_url": "http://secunia.com/advisories/34013", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/34013" }, { "reference_url": "http://secunia.com/advisories/35474", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/35474" }, { "reference_url": "http://secunia.com/advisories/36108", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36108" }, { "reference_url": "http://secunia.com/advisories/37460", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/37460" }, { "reference_url": "http://secunia.com/advisories/57126", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/57126" }, { "reference_url": "http://securityreason.com/securityalert/4098", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/4098" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985" }, { "reference_url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500" }, { "reference_url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095" }, { "reference_url": "http://support.apple.com/kb/HT3216", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT3216" }, { "reference_url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-5.html" }, { "reference_url": "http://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-6.html" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/495021/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/495021/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/504351/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/504351/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/505556/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/505556/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/30496", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/30496" }, { "reference_url": "http://www.securityfocus.com/bid/31681", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/31681" }, { "reference_url": "http://www.securitytracker.com/id?1020622", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020622" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2305", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2305" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2780", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2780" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2823", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2823" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/0320", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/0320" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/0503", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/0503" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/1609", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/1609" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2194", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2194" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3316", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2008-1232", "reference_id": "CVE-2008-1232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2008-1232" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", "reference_id": "CVE-2008-1232", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232" }, { "reference_url": "https://github.com/advisories/GHSA-q74x-qqhr-f8rx", "reference_id": "GHSA-q74x-qqhr-f8rx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q74x-qqhr-f8rx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61693?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.38", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.38" }, { "url": "http://public2.vulnerablecode.io/api/packages/61694?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@5.5.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-eygg-nt7y-qubh" }, { "vulnerability": "VCID-hmqa-jhuf-hfe2" }, { "vulnerability": "VCID-rdr4-db3y-p3cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/61695?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@6.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.17" } ], "aliases": [ "CVE-2008-1232", "GHSA-q74x-qqhr-f8rx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg7f-pjmn-uudk" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43072?format=api", "vulnerability_id": "VCID-wpnp-3yad-ybcj", "summary": "Apache Tomcat Default Installation Reveals Sensitive Information\nThe default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.", "references": [ { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "https://web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20020602051837/http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html" }, { "reference_url": "https://web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20021026082659/http://online.securityfocus.com/bid/4575" }, { "reference_url": "https://web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.php", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20030104173336/http://www.iss.net/security_center/static/8932.php" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2006", "reference_id": "CVE-2002-2006", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-2006" }, { "reference_url": "https://github.com/advisories/GHSA-8g4f-fh7f-4fwh", "reference_id": "GHSA-8g4f-fh7f-4fwh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8g4f-fh7f-4fwh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61643?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@3.3a", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.3a" }, { "url": "http://public2.vulnerablecode.io/api/packages/61616?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af1-rv9j-jugv" }, { "vulnerability": "VCID-2jws-wtvg-2khf" }, { "vulnerability": "VCID-5jm8-9upn-g7f4" }, { "vulnerability": "VCID-7787-4bwm-efgq" }, { "vulnerability": "VCID-96yu-fvee-wfbs" }, { "vulnerability": "VCID-ccfn-tde4-s7hr" }, { "vulnerability": "VCID-crhe-rt8j-wycu" }, { "vulnerability": "VCID-eygg-nt7y-qubh" }, { "vulnerability": "VCID-hmqa-jhuf-hfe2" }, { "vulnerability": "VCID-kxc3-vz2c-wqca" }, { "vulnerability": "VCID-qz87-x4zb-rud7" }, { "vulnerability": "VCID-rdr4-db3y-p3cz" }, { "vulnerability": "VCID-sjn3-a6fs-gyck" }, { "vulnerability": "VCID-t4mh-zvhq-27du" }, { "vulnerability": "VCID-wg7f-pjmn-uudk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.0" } ], "aliases": [ "CVE-2002-2006", "GHSA-8g4f-fh7f-4fwh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wpnp-3yad-ybcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43050?format=api", "vulnerability_id": "VCID-x9v1-6ysy-bfcm", "summary": "Apache Tomcat Denial of Service vulnerability in the Catalina package\nThe Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506" }, { "reference_url": "http://secunia.com/advisories/30899", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30899" }, { "reference_url": "http://secunia.com/advisories/30908", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30908" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13429", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13429" }, { "reference_url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" }, { "reference_url": "http://tomcat.apache.org/security-4.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://tomcat.apache.org/security-4.html" }, { "reference_url": "http://www.debian.org/security/2003/dsa-395", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2003/dsa-395" }, { "reference_url": "http://www.securityfocus.com/bid/8824", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/8824" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/1979/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/1979/references" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0866", "reference_id": "CVE-2003-0866", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0866" }, { "reference_url": "https://github.com/advisories/GHSA-7wj2-48c4-2684", "reference_id": "GHSA-7wj2-48c4-2684", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7wj2-48c4-2684" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61616?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2af1-rv9j-jugv" }, { "vulnerability": "VCID-2jws-wtvg-2khf" }, { "vulnerability": "VCID-5jm8-9upn-g7f4" }, { "vulnerability": "VCID-7787-4bwm-efgq" }, { "vulnerability": "VCID-96yu-fvee-wfbs" }, { "vulnerability": "VCID-ccfn-tde4-s7hr" }, { "vulnerability": "VCID-crhe-rt8j-wycu" }, { "vulnerability": "VCID-eygg-nt7y-qubh" }, { "vulnerability": "VCID-hmqa-jhuf-hfe2" }, { "vulnerability": "VCID-kxc3-vz2c-wqca" }, { "vulnerability": "VCID-qz87-x4zb-rud7" }, { "vulnerability": "VCID-rdr4-db3y-p3cz" }, { "vulnerability": "VCID-sjn3-a6fs-gyck" }, { "vulnerability": "VCID-t4mh-zvhq-27du" }, { "vulnerability": "VCID-wg7f-pjmn-uudk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.0" } ], "aliases": [ "CVE-2003-0866", "GHSA-7wj2-48c4-2684" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9v1-6ysy-bfcm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.0" }