Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@5.5.34
Type maven
Namespace org.apache.tomcat
Name tomcat
Version 5.5.34
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 5.5.35
Latest_non_vulnerable_version 11.0.18
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-46sr-9kr3-1ubw
vulnerability_id VCID-46sr-9kr3-1ubw
summary
Improper Authentication
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
2
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
3
reference_url http://rhn.redhat.com/errata/RHSA-2012-0074.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0074.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2012-0075.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0075.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2012-0076.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0076.html
6
reference_url http://secunia.com/advisories/57126
reference_id
reference_type
scores
url http://secunia.com/advisories/57126
7
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
11
reference_url http://svn.apache.org/viewvc?view=rev&rev=1087655
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1087655
12
reference_url http://svn.apache.org/viewvc?view=rev&rev=1158180
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1158180
13
reference_url http://svn.apache.org/viewvc?view=rev&rev=1159309
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1159309
14
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-5.html
15
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html
16
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html
17
reference_url http://www.debian.org/security/2012/dsa-2401
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2401
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-5063
reference_id CVE-2011-5063
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-5063
19
reference_url https://github.com/advisories/GHSA-hffm-fqv4-w27r
reference_id GHSA-hffm-fqv4-w27r
reference_type
scores
url https://github.com/advisories/GHSA-hffm-fqv4-w27r
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.34
purl pkg:maven/org.apache.tomcat/tomcat@5.5.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.34
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.33
purl pkg:maven/org.apache.tomcat/tomcat@6.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t2h-jjhm-y7fq
1
vulnerability VCID-ft1c-mand-mkcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.33
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.12
purl pkg:maven/org.apache.tomcat/tomcat@7.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e8h-uhj4-akhz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.12
aliases CVE-2011-5063, GHSA-hffm-fqv4-w27r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-46sr-9kr3-1ubw
1
url VCID-4t2h-jjhm-y7fq
vulnerability_id VCID-4t2h-jjhm-y7fq
summary
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
references
0
reference_url http://marc.info/?l=bugtraq&m=132215163318824&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=132215163318824&w=2
1
reference_url http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=133469267822771&w=2
2
reference_url http://marc.info/?l=bugtraq&m=136485229118404&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=136485229118404&w=2
3
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
4
reference_url http://securityreason.com/securityalert/8362
reference_id
reference_type
scores
url http://securityreason.com/securityalert/8362
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
6
reference_url https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
reference_id
reference_type
scores
url https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
7
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
11
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
reference_id
reference_type
scores
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
12
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
reference_id
reference_type
scores
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
13
reference_url http://www.debian.org/security/2012/dsa-2401
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2401
14
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
15
reference_url http://www.securityfocus.com/archive/1/519466/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/519466/100/0/threaded
16
reference_url http://www.securityfocus.com/bid/49353
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/49353
17
reference_url http://www.securitytracker.com/id?1025993
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1025993
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3190
reference_id CVE-2011-3190
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-3190
19
reference_url https://github.com/advisories/GHSA-c38m-v4m2-524v
reference_id GHSA-c38m-v4m2-524v
reference_type
scores
url https://github.com/advisories/GHSA-c38m-v4m2-524v
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.34
purl pkg:maven/org.apache.tomcat/tomcat@5.5.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.34
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.34
purl pkg:maven/org.apache.tomcat/tomcat@6.0.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.34
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.21
purl pkg:maven/org.apache.tomcat/tomcat@7.0.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.21
aliases CVE-2011-3190, GHSA-c38m-v4m2-524v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4t2h-jjhm-y7fq
2
url VCID-74c7-a56p-kufz
vulnerability_id VCID-74c7-a56p-kufz
summary
Use of Hard-coded Cryptographic Key in Apache Tomcat
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
2
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
3
reference_url http://rhn.redhat.com/errata/RHSA-2012-0074.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0074.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2012-0075.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0075.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2012-0076.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0076.html
6
reference_url http://secunia.com/advisories/57126
reference_id
reference_type
scores
url http://secunia.com/advisories/57126
7
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
11
reference_url http://svn.apache.org/viewvc?view=rev&rev=1087655
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1087655
12
reference_url http://svn.apache.org/viewvc?view=rev&rev=1158180
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1158180
13
reference_url http://svn.apache.org/viewvc?view=rev&rev=1159309
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1159309
14
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-5.html
15
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html
16
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html
17
reference_url http://www.debian.org/security/2012/dsa-2401
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2401
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-5064
reference_id CVE-2011-5064
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-5064
19
reference_url https://github.com/advisories/GHSA-6cr4-7c7p-p3xv
reference_id GHSA-6cr4-7c7p-p3xv
reference_type
scores
url https://github.com/advisories/GHSA-6cr4-7c7p-p3xv
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.34
purl pkg:maven/org.apache.tomcat/tomcat@5.5.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.34
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.33
purl pkg:maven/org.apache.tomcat/tomcat@6.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t2h-jjhm-y7fq
1
vulnerability VCID-ft1c-mand-mkcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.33
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.12
purl pkg:maven/org.apache.tomcat/tomcat@7.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e8h-uhj4-akhz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.12
aliases CVE-2011-5064, GHSA-6cr4-7c7p-p3xv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74c7-a56p-kufz
3
url VCID-89e9-m968-vfhe
vulnerability_id VCID-89e9-m968-vfhe
summary
Authentication Bypass in Apache Tomcat
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
2
reference_url http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=133469267822771&w=2
3
reference_url http://marc.info/?l=bugtraq&m=136485229118404&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=136485229118404&w=2
4
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
5
reference_url http://rhn.redhat.com/errata/RHSA-2012-0074.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0074.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2012-0075.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0075.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2012-0076.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0076.html
8
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
12
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169
reference_id
reference_type
scores
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19169
13
reference_url http://svn.apache.org/viewvc?view=rev&rev=1087655
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1087655
14
reference_url http://svn.apache.org/viewvc?view=rev&rev=1158180
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1158180
15
reference_url http://svn.apache.org/viewvc?view=rev&rev=1159309
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1159309
16
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-5.html
17
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html
18
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html
19
reference_url http://www.debian.org/security/2012/dsa-2401
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2401
20
reference_url http://www.redhat.com/support/errata/RHSA-2011-1845.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2011-1845.html
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1184
reference_id CVE-2011-1184
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-1184
22
reference_url https://github.com/advisories/GHSA-q9xf-jwr4-v445
reference_id GHSA-q9xf-jwr4-v445
reference_type
scores
url https://github.com/advisories/GHSA-q9xf-jwr4-v445
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.34
purl pkg:maven/org.apache.tomcat/tomcat@5.5.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.34
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.33
purl pkg:maven/org.apache.tomcat/tomcat@6.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t2h-jjhm-y7fq
1
vulnerability VCID-ft1c-mand-mkcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.33
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.12
purl pkg:maven/org.apache.tomcat/tomcat@7.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e8h-uhj4-akhz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.12
aliases CVE-2011-1184, GHSA-q9xf-jwr4-v445
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-89e9-m968-vfhe
4
url VCID-9hm5-e4dw-6ffe
vulnerability_id VCID-9hm5-e4dw-6ffe
summary
Improper Authentication in Apache Tomcat
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html
2
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
3
reference_url http://rhn.redhat.com/errata/RHSA-2012-0074.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0074.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2012-0075.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0075.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2012-0076.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0076.html
6
reference_url http://secunia.com/advisories/57126
reference_id
reference_type
scores
url http://secunia.com/advisories/57126
7
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
11
reference_url http://svn.apache.org/viewvc?view=rev&rev=1087655
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1087655
12
reference_url http://svn.apache.org/viewvc?view=rev&rev=1158180
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1158180
13
reference_url http://svn.apache.org/viewvc?view=rev&rev=1159309
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=rev&rev=1159309
14
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-5.html
15
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html
16
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html
17
reference_url http://www.debian.org/security/2012/dsa-2401
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2401
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-5062
reference_id CVE-2011-5062
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-5062
19
reference_url https://github.com/advisories/GHSA-4f7h-9j2x-cmr4
reference_id GHSA-4f7h-9j2x-cmr4
reference_type
scores
url https://github.com/advisories/GHSA-4f7h-9j2x-cmr4
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.34
purl pkg:maven/org.apache.tomcat/tomcat@5.5.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.34
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.33
purl pkg:maven/org.apache.tomcat/tomcat@6.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t2h-jjhm-y7fq
1
vulnerability VCID-ft1c-mand-mkcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.33
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.12
purl pkg:maven/org.apache.tomcat/tomcat@7.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e8h-uhj4-akhz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.12
aliases CVE-2011-5062, GHSA-4f7h-9j2x-cmr4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hm5-e4dw-6ffe
5
url VCID-aar2-398x-p3d8
vulnerability_id VCID-aar2-398x-p3d8
summary
Improper Input Validation
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
references
0
reference_url http://marc.info/?l=bugtraq&m=132215163318824&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=132215163318824&w=2
1
reference_url http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=133469267822771&w=2
2
reference_url http://marc.info/?l=bugtraq&m=136485229118404&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=136485229118404&w=2
3
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
4
reference_url http://rhn.redhat.com/errata/RHSA-2012-0074.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0074.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2012-0075.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0075.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2012-0076.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-0076.html
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=720948
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=720948
8
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/68541
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/68541
9
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
13
reference_url http://svn.apache.org/viewvc?view=revision&revision=1145383
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1145383
14
reference_url http://svn.apache.org/viewvc?view=revision&revision=1145571
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1145571
15
reference_url http://svn.apache.org/viewvc?view=revision&revision=1145694
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1145694
16
reference_url http://svn.apache.org/viewvc?view=revision&revision=1146005
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1146005
17
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-5.html
18
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html
19
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html
20
reference_url http://www.debian.org/security/2012/dsa-2401
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2401
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2526
reference_id CVE-2011-2526
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-2526
22
reference_url https://github.com/advisories/GHSA-9ggm-7897-x4mg
reference_id GHSA-9ggm-7897-x4mg
reference_type
scores
url https://github.com/advisories/GHSA-9ggm-7897-x4mg
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.34
purl pkg:maven/org.apache.tomcat/tomcat@5.5.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.34
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.33
purl pkg:maven/org.apache.tomcat/tomcat@6.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t2h-jjhm-y7fq
1
vulnerability VCID-ft1c-mand-mkcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.33
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.19
purl pkg:maven/org.apache.tomcat/tomcat@7.0.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.19
aliases CVE-2011-2526, GHSA-9ggm-7897-x4mg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aar2-398x-p3d8
6
url VCID-jw6e-g8z9-43ej
vulnerability_id VCID-jw6e-g8z9-43ej
summary
Exposure of Sensitive Information to an Unauthorized Actor
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
references
0
reference_url http://marc.info/?l=bugtraq&m=132215163318824&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=132215163318824&w=2
1
reference_url http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=133469267822771&w=2
2
reference_url http://marc.info/?l=bugtraq&m=136485229118404&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=136485229118404&w=2
3
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=717013
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=717013
5
reference_url http://securitytracker.com/id?1025712
reference_id
reference_type
scores
url http://securitytracker.com/id?1025712
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
7
reference_url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
11
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
reference_id
reference_type
scores
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
12
reference_url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
reference_id
reference_type
scores
url https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
13
reference_url http://support.apple.com/kb/HT5130
reference_id
reference_type
scores
url http://support.apple.com/kb/HT5130
14
reference_url http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-5.html
15
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html
16
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html
17
reference_url http://www.debian.org/security/2012/dsa-2401
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2401
18
reference_url http://www.redhat.com/support/errata/RHSA-2011-1845.html
reference_id
reference_type
scores
url http://www.redhat.com/support/errata/RHSA-2011-1845.html
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2204
reference_id CVE-2011-2204
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-2204
20
reference_url https://github.com/advisories/GHSA-c57p-3v2g-w9rg
reference_id GHSA-c57p-3v2g-w9rg
reference_type
scores
url https://github.com/advisories/GHSA-c57p-3v2g-w9rg
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@5.5.34
purl pkg:maven/org.apache.tomcat/tomcat@5.5.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.34
1
url pkg:maven/org.apache.tomcat/tomcat@6.0.33
purl pkg:maven/org.apache.tomcat/tomcat@6.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t2h-jjhm-y7fq
1
vulnerability VCID-ft1c-mand-mkcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.33
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.19
purl pkg:maven/org.apache.tomcat/tomcat@7.0.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.19
aliases CVE-2011-2204, GHSA-c57p-3v2g-w9rg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jw6e-g8z9-43ej
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.34