Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@7.0.65

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 7.0.65

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.0.66

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

url VCID-e2gy-1c6a-6fdf

vulnerability_id VCID-e2gy-1c6a-6fdf

summary

Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

reference_url	http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2046.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2046.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2807.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2807.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2808.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2808.html

reference_url	https://access.redhat.com/errata/RHSA-2016:1087
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1087

reference_url	https://access.redhat.com/errata/RHSA-2016:1088
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1088

reference_url	https://bto.bluecoat.com/security-advisory/sa118
reference_id
reference_type
scores
url	https://bto.bluecoat.com/security-advisory/sa118

reference_url	https://bz.apache.org/bugzilla/show_bug.cgi?id=58809
reference_id
reference_type
scores
url	https://bz.apache.org/bugzilla/show_bug.cgi?id=58809

reference_url	http://seclists.org/bugtraq/2016/Feb/143
reference_id
reference_type
scores
url	http://seclists.org/bugtraq/2016/Feb/143

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201705-09

reference_url	https://security.netapp.com/advisory/ntap-20180531-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180531-0001/

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1713184
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1713184

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1713185
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1713185

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1713187
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1713187

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1723414
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1723414

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1723506
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1723506

reference_url	http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-7.html

reference_url	http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-8.html

reference_url	http://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-9.html

reference_url	http://www.debian.org/security/2016/dsa-3530
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3530

reference_url	http://www.debian.org/security/2016/dsa-3552
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3552

reference_url	http://www.debian.org/security/2016/dsa-3609
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3609

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

reference_url	http://www.ubuntu.com/usn/USN-3024-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3024-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-5346
reference_id	CVE-2015-5346
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-5346

reference_url	https://github.com/advisories/GHSA-jrcp-c39h-r29x
reference_id	GHSA-jrcp-c39h-r29x
reference_type
scores
url	https://github.com/advisories/GHSA-jrcp-c39h-r29x

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@7.0.66
purl	pkg:maven/org.apache.tomcat/tomcat@7.0.66
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.66

url	pkg:maven/org.apache.tomcat/tomcat@8.0.31
purl	pkg:maven/org.apache.tomcat/tomcat@8.0.31
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.31

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j1m6-79yt-f7h5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

aliases CVE-2015-5346, GHSA-jrcp-c39h-r29x

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2gy-1c6a-6fdf

Fixing_vulnerabilities

url VCID-zrc5-bf77-aygn

vulnerability_id VCID-zrc5-bf77-aygn

summary

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

references

reference_url	https://access.redhat.com/errata/RHSA-2016:1432
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1432

reference_url	https://access.redhat.com/errata/RHSA-2016:1433
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1433

reference_url	https://access.redhat.com/errata/RHSA-2016:1434
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1434

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E

reference_url	https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201705-09

reference_url	https://security.netapp.com/advisory/ntap-20180531-0001
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180531-0001

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-5174
reference_id	CVE-2015-5174
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-5174

reference_url	https://github.com/advisories/GHSA-6qr6-x7jm-x2q6
reference_id	GHSA-6qr6-x7jm-x2q6
reference_type
scores
url	https://github.com/advisories/GHSA-6qr6-x7jm-x2q6

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@6.0.45

purl pkg:maven/org.apache.tomcat/tomcat@6.0.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.45

url pkg:maven/org.apache.tomcat/tomcat@7.0.65

purl pkg:maven/org.apache.tomcat/tomcat@7.0.65

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e2gy-1c6a-6fdf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.65

url	pkg:maven/org.apache.tomcat/tomcat@8.0.27
purl	pkg:maven/org.apache.tomcat/tomcat@8.0.27
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.27

aliases CVE-2015-5174, GHSA-6qr6-x7jm-x2q6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrc5-bf77-aygn

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.65

Package Instance