Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@6.0.37

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 6.0.37

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.0.38

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-e72e-axdj-7qfw

vulnerability_id VCID-e72e-axdj-7qfw

summary

Improper Authentication
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

references

reference_url	http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html
reference_id
reference_type
scores
url	http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0833.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0833.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0834.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0834.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0839.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0839.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0964.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0964.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-1437.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-1437.html

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891

reference_url	http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1408044&r2=1408043&pathrev=1408044

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1408044
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1408044

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1417891
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1417891

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-7.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_url	http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_url	http://www.securityfocus.com/bid/59799
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/59799

reference_url	http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/64758

reference_url	http://www.ubuntu.com/usn/USN-1841-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-1841-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2013-2067
reference_id	CVE-2013-2067
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2013-2067

reference_url	https://github.com/advisories/GHSA-6m48-jxwx-76q7
reference_id	GHSA-6m48-jxwx-76q7
reference_type
scores
url	https://github.com/advisories/GHSA-6m48-jxwx-76q7

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@6.0.37
purl	pkg:maven/org.apache.tomcat/tomcat@6.0.37
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.37

url	pkg:maven/org.apache.tomcat/tomcat@7.0.33
purl	pkg:maven/org.apache.tomcat/tomcat@7.0.33
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.33

aliases CVE-2013-2067, GHSA-6m48-jxwx-76q7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e72e-axdj-7qfw

url VCID-f4ka-47dk-zffs

vulnerability_id VCID-f4ka-47dk-zffs

summary

Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

references

reference_url	https://github.com/apache/tomcat
reference_id
reference_type
scores
url	https://github.com/apache/tomcat

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2012-3544
reference_id	CVE-2012-3544
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2012-3544

reference_url	https://github.com/advisories/GHSA-qfxv-3ppc-7qg5
reference_id	GHSA-qfxv-3ppc-7qg5
reference_type
scores
url	https://github.com/advisories/GHSA-qfxv-3ppc-7qg5

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@6.0.37
purl	pkg:maven/org.apache.tomcat/tomcat@6.0.37
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.37

url	pkg:maven/org.apache.tomcat/tomcat@7.0.30
purl	pkg:maven/org.apache.tomcat/tomcat@7.0.30
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.30

aliases CVE-2012-3544, GHSA-qfxv-3ppc-7qg5

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4ka-47dk-zffs

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.37

Package Instance