Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@5.5.33
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version5.5.33
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.5.34
Latest_non_vulnerable_version11.0.18
Affected_by_vulnerabilities
0
url VCID-4t2h-jjhm-y7fq
vulnerability_id VCID-4t2h-jjhm-y7fq
summary 
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
references
0
reference_url http://marc.info/?l=bugtraq&m=132215163318824&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=132215163318824&w=2
1
reference_url http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=133469267822771&w=2
2
reference_url http://marc.info/?l=bugtraq&m=136485229118404&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=136485229118404&w=2
3
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
4
reference_url http://securityreason.com/securityalert/8362
reference_id
reference_type
scores
url http://securityreason.com/securityalert/8362
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
6
reference_url https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
reference_id
reference_type
scores
url https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
7
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
11
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
reference_id
reference_type
scores
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
12
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
reference_id
reference_type
scores
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
13
reference_url http://www.debian.org/security/2012/dsa-2401
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2401
14
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
15
reference_url http://www.securityfocus.com/archive/1/519466/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/519466/100/0/threaded
16
reference_url http://www.securityfocus.com/bid/49353
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/49353
17
reference_url http://www.securitytracker.com/id?1025993
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1025993
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3190
reference_id CVE-2011-3190
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-3190
19
reference_url https://github.com/advisories/GHSA-c38m-v4m2-524v
reference_id GHSA-c38m-v4m2-524v
reference_type
scores
url https://github.com/advisories/GHSA-c38m-v4m2-524v
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.34
purl pkg:maven/org.apache.tomcat/tomcat@5.5.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.34
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.34
purl pkg:maven/org.apache.tomcat/tomcat@6.0.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.34
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.21
purl pkg:maven/org.apache.tomcat/tomcat@7.0.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.21
aliases CVE-2011-3190, GHSA-c38m-v4m2-524v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4t2h-jjhm-y7fq
Fixing_vulnerabilities
0
url VCID-atus-ryef-17h1
vulnerability_id VCID-atus-ryef-17h1
summary 
Mozilla developers added support in the Network Security Services
module for preventing a type of man-in-the-middle attack against TLS
using forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and
Firefox 3.5 users will need to set
their security.ssl.require_safe_negotiation preference to
true.  Firefox 3 does not contain the fix for this issue.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
2
reference_url https://nginx.org/download/patch.cve-2009-3555.txt
reference_id
reference_type
scores
url https://nginx.org/download/patch.cve-2009-3555.txt
3
reference_url https://nginx.org/download/patch.cve-2009-3555.txt.asc
reference_id
reference_type
scores
url https://nginx.org/download/patch.cve-2009-3555.txt.asc
4
reference_url https://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-7.html
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
reference_id CVE-2009-3555
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-3555
reference_id CVE-2009-3555
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2009-3555
7
reference_url https://github.com/advisories/GHSA-f7w7-6pjc-wwm6
reference_id GHSA-f7w7-6pjc-wwm6
reference_type
scores
url https://github.com/advisories/GHSA-f7w7-6pjc-wwm6
8
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2010-22
reference_id mfsa2010-22
reference_type
scores
0
value low
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2010-22
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.33
purl pkg:maven/org.apache.tomcat/tomcat@5.5.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t2h-jjhm-y7fq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.33
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.32
purl pkg:maven/org.apache.tomcat/tomcat@6.0.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.32
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.10
purl pkg:maven/org.apache.tomcat/tomcat@7.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.10
aliases CVE-2009-3555, GHSA-f7w7-6pjc-wwm6, VU#120541
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atus-ryef-17h1
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.33