Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat-coyote@8.0.0RC1

Type maven

Namespace org.apache.tomcat

Name tomcat-coyote

Version 8.0.0RC1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.0.3

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

url VCID-y9hs-ymcm-3ucx

vulnerability_id VCID-y9hs-ymcm-3ucx

summary

Improper Input Validation
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0244.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0244.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0245.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0245.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0246.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0246.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0247.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0247.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0250.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0250.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0457.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0457.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0527.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0527.html

reference_url	https://access.redhat.com/errata/RHSA-2017:0455
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0455

reference_url	https://access.redhat.com/errata/RHSA-2017:0456
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0456

reference_url	https://access.redhat.com/errata/RHSA-2017:0935
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0935

reference_url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://security.netapp.com/advisory/ntap-20180607-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180607-0001/

reference_url	https://svn.apache.org/viewvc?view=revision&revision=1767641
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=revision&revision=1767641

reference_url	https://svn.apache.org/viewvc?view=revision&revision=1767645
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=revision&revision=1767645

reference_url	https://svn.apache.org/viewvc?view=revision&revision=1767653
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=revision&revision=1767653

reference_url	https://svn.apache.org/viewvc?view=revision&revision=1767675
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=revision&revision=1767675

reference_url	https://svn.apache.org/viewvc?view=revision&revision=1767683
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=revision&revision=1767683

reference_url	https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48
reference_id
reference_type
scores
url	https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48

reference_url	https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73
reference_id
reference_type
scores
url	https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73

reference_url	https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39
reference_id
reference_type
scores
url	https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39

reference_url	https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8
reference_id
reference_type
scores
url	https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8

reference_url	https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13
reference_id
reference_type
scores
url	https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13

reference_url	https://usn.ubuntu.com/4557-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4557-1/

reference_url	https://www.exploit-db.com/exploits/41783/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/41783/

reference_url	http://www.debian.org/security/2016/dsa-3738
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3738

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-6816
reference_id	CVE-2016-6816
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-6816

reference_url	https://github.com/advisories/GHSA-jc7p-5r39-9477
reference_id	GHSA-jc7p-5r39-9477
reference_type
scores
url	https://github.com/advisories/GHSA-jc7p-5r39-9477

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat-coyote@8.0.39
purl	pkg:maven/org.apache.tomcat/tomcat-coyote@8.0.39
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.0.39

url	pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.8
purl	pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.8

url	pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.0.M12
purl	pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.0.M12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.0.M12

aliases CVE-2016-6816, GHSA-jc7p-5r39-9477

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9hs-ymcm-3ucx

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.0.0RC1

Package Instance