Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@8.0.32

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 8.0.32

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 8.0.37

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5m85-3zyu-7qak

vulnerability_id VCID-5m85-3zyu-7qak

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

reference_url	http://marc.info/?l=bugtraq&m=145974991225029&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145974991225029&w=2

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2045.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2045.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2599.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2599.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2807.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2807.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2808.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2808.html

reference_url	https://access.redhat.com/errata/RHSA-2016:1087
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1087

reference_url	https://access.redhat.com/errata/RHSA-2016:1088
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1088

reference_url	http://seclists.org/bugtraq/2016/Feb/145
reference_id
reference_type
scores
url	http://seclists.org/bugtraq/2016/Feb/145

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201705-09

reference_url	https://security.netapp.com/advisory/ntap-20180531-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180531-0001/

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1725263
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1725263

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1725914
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1725914

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1726196
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1726196

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1726203
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1726203

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1726923
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1726923

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1727034
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1727034

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1727166
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1727166

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1727182
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1727182

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-7.html

reference_url	http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-8.html

reference_url	http://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-9.html

reference_url	http://www.debian.org/security/2016/dsa-3530
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3530

reference_url	http://www.debian.org/security/2016/dsa-3552
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3552

reference_url	http://www.debian.org/security/2016/dsa-3609
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3609

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

reference_url	http://www.ubuntu.com/usn/USN-3024-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3024-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-0714
reference_id	CVE-2016-0714
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-0714

reference_url	https://github.com/advisories/GHSA-mv42-px54-87jw
reference_id	GHSA-mv42-px54-87jw
reference_type
scores
url	https://github.com/advisories/GHSA-mv42-px54-87jw

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@6.0.46
purl	pkg:maven/org.apache.tomcat/tomcat@6.0.46
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.46

url pkg:maven/org.apache.tomcat/tomcat@7.0.70

purl pkg:maven/org.apache.tomcat/tomcat@7.0.70

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s37s-p75k-27e6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.70

url	pkg:maven/org.apache.tomcat/tomcat@8.0.32
purl	pkg:maven/org.apache.tomcat/tomcat@8.0.32
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.32

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j1m6-79yt-f7h5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

aliases CVE-2016-0714, GHSA-mv42-px54-87jw

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5m85-3zyu-7qak

url VCID-j1m6-79yt-f7h5

vulnerability_id VCID-j1m6-79yt-f7h5

summary

Improper Verification of Source of a Communication Channel in Apache Tomcat
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2599.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2599.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2807.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2807.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2808.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2808.html

reference_url	https://access.redhat.com/errata/RHSA-2016:1087
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1087

reference_url	https://access.redhat.com/errata/RHSA-2016:1088
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1088

reference_url	http://seclists.org/bugtraq/2016/Feb/147
reference_id
reference_type
scores
url	http://seclists.org/bugtraq/2016/Feb/147

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

reference_url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201705-09

reference_url	https://security.netapp.com/advisory/ntap-20180531-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180531-0001/

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1725926
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1725926

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1725929
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1725929

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1725931
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1725931

reference_url	http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-7.html

reference_url	http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-8.html

reference_url	http://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-9.html

reference_url	http://www.debian.org/security/2016/dsa-3530
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3530

reference_url	http://www.debian.org/security/2016/dsa-3552
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3552

reference_url	http://www.debian.org/security/2016/dsa-3609
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3609

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_url	http://www.ubuntu.com/usn/USN-3024-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3024-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-0763
reference_id	CVE-2016-0763
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-0763

reference_url	https://github.com/advisories/GHSA-9hjv-9h75-xmpp
reference_id	GHSA-9hjv-9h75-xmpp
reference_type
scores
url	https://github.com/advisories/GHSA-9hjv-9h75-xmpp

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@7.0.68
purl	pkg:maven/org.apache.tomcat/tomcat@7.0.68
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.68

url	pkg:maven/org.apache.tomcat/tomcat@8.0.32
purl	pkg:maven/org.apache.tomcat/tomcat@8.0.32
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.32

url	pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3
purl	pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M3

aliases CVE-2016-0763, GHSA-9hjv-9h75-xmpp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1m6-79yt-f7h5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.32

Package Instance