Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@7.0.66

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 7.0.66

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.0.68

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-e2gy-1c6a-6fdf

vulnerability_id VCID-e2gy-1c6a-6fdf

summary

Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

reference_url	http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2046.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2046.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2807.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2807.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2808.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2808.html

reference_url	https://access.redhat.com/errata/RHSA-2016:1087
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1087

reference_url	https://access.redhat.com/errata/RHSA-2016:1088
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1088

reference_url	https://bto.bluecoat.com/security-advisory/sa118
reference_id
reference_type
scores
url	https://bto.bluecoat.com/security-advisory/sa118

reference_url	https://bz.apache.org/bugzilla/show_bug.cgi?id=58809
reference_id
reference_type
scores
url	https://bz.apache.org/bugzilla/show_bug.cgi?id=58809

reference_url	http://seclists.org/bugtraq/2016/Feb/143
reference_id
reference_type
scores
url	http://seclists.org/bugtraq/2016/Feb/143

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201705-09

reference_url	https://security.netapp.com/advisory/ntap-20180531-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180531-0001/

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1713184
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1713184

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1713185
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1713185

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1713187
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1713187

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1723414
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1723414

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1723506
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1723506

reference_url	http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-7.html

reference_url	http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-8.html

reference_url	http://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-9.html

reference_url	http://www.debian.org/security/2016/dsa-3530
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3530

reference_url	http://www.debian.org/security/2016/dsa-3552
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3552

reference_url	http://www.debian.org/security/2016/dsa-3609
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3609

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

reference_url	http://www.ubuntu.com/usn/USN-3024-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3024-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-5346
reference_id	CVE-2015-5346
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-5346

reference_url	https://github.com/advisories/GHSA-jrcp-c39h-r29x
reference_id	GHSA-jrcp-c39h-r29x
reference_type
scores
url	https://github.com/advisories/GHSA-jrcp-c39h-r29x

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@7.0.66
purl	pkg:maven/org.apache.tomcat/tomcat@7.0.66
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.66

url	pkg:maven/org.apache.tomcat/tomcat@8.0.31
purl	pkg:maven/org.apache.tomcat/tomcat@8.0.31
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.31

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j1m6-79yt-f7h5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

aliases CVE-2015-5346, GHSA-jrcp-c39h-r29x

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2gy-1c6a-6fdf

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.66

Package Instance