Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@5.5.29

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 5.5.29

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.5.30

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

url VCID-pzkk-4e94-aqag

vulnerability_id VCID-pzkk-4e94-aqag

summary

Exposure of Sensitive Information to an Unauthorized Actor
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

reference_url	http://marc.info/?l=bugtraq&m=129070310906557&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=129070310906557&w=2

reference_url	http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=133469267822771&w=2

reference_url	http://marc.info/?l=bugtraq&m=136485229118404&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=136485229118404&w=2

reference_url	http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=139344343412337&w=2

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492

reference_url	http://support.apple.com/kb/HT5002
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT5002

reference_url	http://svn.apache.org/viewvc?view=revision&revision=936540
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=936540

reference_url	http://svn.apache.org/viewvc?view=revision&revision=936541
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=936541

reference_url	http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-5.html

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://www.debian.org/security/2011/dsa-2207
reference_id
reference_type
scores
url	http://www.debian.org/security/2011/dsa-2207

reference_url	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2011-0003.html

reference_url	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
reference_id
reference_type
scores
url	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2010-1157
reference_id	CVE-2010-1157
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2010-1157

reference_url	https://github.com/advisories/GHSA-w6q7-ww2x-7gm3
reference_id	GHSA-w6q7-ww2x-7gm3
reference_type
scores
url	https://github.com/advisories/GHSA-w6q7-ww2x-7gm3

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@5.5.30
purl	pkg:maven/org.apache.tomcat/tomcat@5.5.30
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.30

url	pkg:maven/org.apache.tomcat/tomcat@6.0.28
purl	pkg:maven/org.apache.tomcat/tomcat@6.0.28
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.28

aliases CVE-2010-1157, GHSA-w6q7-ww2x-7gm3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pzkk-4e94-aqag

Fixing_vulnerabilities

url VCID-9j31-459b-4qbm

vulnerability_id VCID-9j31-459b-4qbm

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

reference_url	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

reference_url	http://marc.info/?l=bugtraq&m=127420533226623&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=127420533226623&w=2

reference_url	http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=133469267822771&w=2

reference_url	http://marc.info/?l=bugtraq&m=136485229118404&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=136485229118404&w=2

reference_url	http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=139344343412337&w=2

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/55857
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/55857

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431

reference_url	http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT4077

reference_url	http://svn.apache.org/viewvc?rev=892815&view=rev
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?rev=892815&view=rev

reference_url	http://svn.apache.org/viewvc?rev=902650&view=rev
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?rev=902650&view=rev

reference_url	http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-5.html

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://ubuntu.com/usn/usn-899-1
reference_id
reference_type
scores
url	http://ubuntu.com/usn/usn-899-1

reference_url	http://www.debian.org/security/2011/dsa-2207
reference_id
reference_type
scores
url	http://www.debian.org/security/2011/dsa-2207

reference_url	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2011-0003.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2009-2902
reference_id	CVE-2009-2902
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2009-2902

reference_url	https://github.com/advisories/GHSA-8wch-9gcg-v2pr
reference_id	GHSA-8wch-9gcg-v2pr
reference_type
scores
url	https://github.com/advisories/GHSA-8wch-9gcg-v2pr

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@5.5.29

purl pkg:maven/org.apache.tomcat/tomcat@5.5.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pzkk-4e94-aqag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.29

url	pkg:maven/org.apache.tomcat/tomcat@6.0.24
purl	pkg:maven/org.apache.tomcat/tomcat@6.0.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.24

aliases CVE-2009-2902, GHSA-8wch-9gcg-v2pr

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9j31-459b-4qbm

url VCID-eawm-8v9w-yfap

vulnerability_id VCID-eawm-8v9w-yfap

summary

Improper Authentication in Apache Tomcat
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

references

reference_url	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

reference_url	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

reference_url	http://marc.info/?l=bugtraq&m=127420533226623&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=127420533226623&w=2

reference_url	http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=133469267822771&w=2

reference_url	http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=139344343412337&w=2

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/55856
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/55856

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT4077

reference_url	http://svn.apache.org/viewvc?rev=892815&view=rev
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?rev=892815&view=rev

reference_url	http://svn.apache.org/viewvc?rev=902650&view=rev
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?rev=902650&view=rev

reference_url	http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-5.html

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://ubuntu.com/usn/usn-899-1
reference_id
reference_type
scores
url	http://ubuntu.com/usn/usn-899-1

reference_url	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2011-0003.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2009-2901
reference_id	CVE-2009-2901
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2009-2901

reference_url	https://github.com/advisories/GHSA-hjfh-7c4v-7q8h
reference_id	GHSA-hjfh-7c4v-7q8h
reference_type
scores
url	https://github.com/advisories/GHSA-hjfh-7c4v-7q8h

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@5.5.29

purl pkg:maven/org.apache.tomcat/tomcat@5.5.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pzkk-4e94-aqag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.29

url	pkg:maven/org.apache.tomcat/tomcat@6.0.24
purl	pkg:maven/org.apache.tomcat/tomcat@6.0.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.24

aliases CVE-2009-2901, GHSA-hjfh-7c4v-7q8h

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eawm-8v9w-yfap

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.29

Package Instance