Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@3.2.1

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 3.2.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 9.0.118

Latest_non_vulnerable_version 11.0.22

Affected_by_vulnerabilities

url VCID-5efr-bxfc-mbde

vulnerability_id VCID-5efr-bxfc-mbde

summary

Apache Tomcat allows webmasters to insert xss into error messages
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2001-0829

reference_id

reference_type

scores

value	0.00991
scoring_system	epss
scoring_elements	0.77237
published_at	2026-06-04T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.77267
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2001-0829

reference_url

https://web.archive.org/web/20021108153830/http://online.securityfocus.com/bid/2982

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20021108153830/http://online.securityfocus.com/bid/2982

reference_url

https://web.archive.org/web/20021201182720/http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20021201182720/http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme

reference_url

https://web.archive.org/web/20061208015126/http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20061208015126/http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0829

reference_id

CVE-2001-0829

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0829

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2001-0829

reference_id

CVE-2001-0829

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2001-0829

reference_url

https://github.com/advisories/GHSA-58hj-575g-5j25

reference_id

GHSA-58hj-575g-5j25

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-58hj-575g-5j25

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@3.2.2

purl pkg:maven/org.apache.tomcat/tomcat@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uass-dm1n-5ye1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.2.2

aliases CVE-2001-0829, GHSA-58hj-575g-5j25

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5efr-bxfc-mbde

url VCID-t1u3-h2qw-kyb4

vulnerability_id VCID-t1u3-h2qw-kyb4

summary

Apache Tomcat Allows Source Disclosure
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2001-0590

reference_id

reference_type

scores

value	0.48298
scoring_system	epss
scoring_elements	0.97797
published_at	2026-06-05T12:55:00Z

value	0.48298
scoring_system	epss
scoring_elements	0.97793
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2001-0590

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/6971

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/6971

reference_url

https://web.archive.org/web/20020711002734/http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20020711002734/http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590

reference_id

CVE-2001-0590

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2001-0590

reference_id

CVE-2001-0590

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2001-0590

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/20716.txt
reference_id	CVE-2001-0590;OSVDB-5580
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/20716.txt

reference_url	https://www.securityfocus.com/bid/2518/info
reference_id	CVE-2001-0590;OSVDB-5580
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/2518/info

reference_url

https://github.com/advisories/GHSA-x445-mmpw-7r4f

reference_id

GHSA-x445-mmpw-7r4f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x445-mmpw-7r4f

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@3.2.2

purl pkg:maven/org.apache.tomcat/tomcat@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uass-dm1n-5ye1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.2.2

aliases CVE-2001-0590, GHSA-x445-mmpw-7r4f

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1u3-h2qw-kyb4

url VCID-uass-dm1n-5ye1

vulnerability_id VCID-uass-dm1n-5ye1

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2001-1563

reference_id

reference_type

scores

value	0.0498
scoring_system	epss
scoring_elements	0.89866
published_at	2026-06-04T12:55:00Z

value	0.0498
scoring_system	epss
scoring_elements	0.89882
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2001-1563

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1563

reference_id

CVE-2001-1563

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1563

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@3.2.4

purl pkg:maven/org.apache.tomcat/tomcat@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-634c-ymju-ayd4

vulnerability	VCID-9wav-vv7v-vqgg

vulnerability	VCID-ax2u-tqd6-t3an

vulnerability	VCID-d348-wmg8-xfc8

vulnerability	VCID-kxv6-h4fp-dfeq

vulnerability	VCID-sn4j-5r9j-dyad

vulnerability	VCID-w9cc-qjyx-v7b3

vulnerability	VCID-wpnp-3yad-ybcj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.2.4

aliases CVE-2001-1563

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uass-dm1n-5ye1

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.2.1

Package Instance