Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@3.3.0
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version3.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3a
Latest_non_vulnerable_version11.0.18
Affected_by_vulnerabilities
0
url VCID-6d5n-5df2-7fgs
vulnerability_id VCID-6d5n-5df2-7fgs
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
references
0
reference_url https://web.archive.org/web/20070824135030/http://securityreason.com/securityalert/2971
reference_id
reference_type
scores
url https://web.archive.org/web/20070824135030/http://securityreason.com/securityalert/2971
1
reference_url https://web.archive.org/web/20071117100258/http://securitytracker.com/alerts/2007/Aug/1018503.html
reference_id
reference_type
scores
url https://web.archive.org/web/20071117100258/http://securitytracker.com/alerts/2007/Aug/1018503.html
2
reference_url https://web.archive.org/web/20170323011513/http://www.securityfocus.com/bid/25174
reference_id
reference_type
scores
url https://web.archive.org/web/20170323011513/http://www.securityfocus.com/bid/25174
3
reference_url https://web.archive.org/web/20201207035111/http://www.securityfocus.com/archive/1/475321/100/0/threaded
reference_id
reference_type
scores
url https://web.archive.org/web/20201207035111/http://www.securityfocus.com/archive/1/475321/100/0/threaded
4
reference_url http://tomcat.apache.org/security-3.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-3.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3384
reference_id CVE-2007-3384
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2007-3384
6
reference_url https://github.com/advisories/GHSA-36hp-4x3g-phrg
reference_id GHSA-36hp-4x3g-phrg
reference_type
scores
url https://github.com/advisories/GHSA-36hp-4x3g-phrg
fixed_packages
aliases CVE-2007-3384, GHSA-36hp-4x3g-phrg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6d5n-5df2-7fgs
1
url VCID-qz87-x4zb-rud7
vulnerability_id VCID-qz87-x4zb-rud7
summary 
Exposure of Sensitive Information to an Unauthorized Actor
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
references
0
reference_url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
reference_id
reference_type
scores
url http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
1
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/36006
5
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
8
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
url http://support.apple.com/kb/HT2163
9
reference_url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
10
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html
11
reference_url http://www.debian.org/security/2008/dsa-1447
reference_id
reference_type
scores
url http://www.debian.org/security/2008/dsa-1447
12
reference_url http://www.debian.org/security/2008/dsa-1453
reference_id
reference_type
scores
url http://www.debian.org/security/2008/dsa-1453
13
reference_url http://www.redhat.com/support/errata/RHSA-2007-0871.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2007-0871.html
14
reference_url http://www.redhat.com/support/errata/RHSA-2007-0950.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2007-0950.html
15
reference_url http://www.redhat.com/support/errata/RHSA-2008-0195.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2008-0195.html
16
reference_url http://www.redhat.com/support/errata/RHSA-2008-0261.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2008-0261.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3382
reference_id CVE-2007-3382
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2007-3382
18
reference_url https://github.com/advisories/GHSA-qff8-g48j-pwpw
reference_id GHSA-qff8-g48j-pwpw
reference_type
scores
url https://github.com/advisories/GHSA-qff8-g48j-pwpw
fixed_packages
aliases CVE-2007-3382, GHSA-qff8-g48j-pwpw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qz87-x4zb-rud7
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@3.3.0