Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat-coyote@9.0.115
Typemaven
Namespaceorg.apache.tomcat
Nametomcat-coyote
Version9.0.115
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version9.0.116
Latest_non_vulnerable_version11.0.20
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8war-4v58-eub2
vulnerability_id VCID-8war-4v58-eub2
summary 
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.

When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.

This issue affects Apache Tomcat Native:  from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.


The following versions were EOL at the time the CVE was created but are 
known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected.

Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.

Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24734
reference_id
reference_type
scores
0
value 0.00109
scoring_system epss
scoring_elements 0.29188
published_at 2026-04-18T12:55:00Z
1
value 0.00109
scoring_system epss
scoring_elements 0.29315
published_at 2026-04-02T12:55:00Z
2
value 0.00109
scoring_system epss
scoring_elements 0.29363
published_at 2026-04-04T12:55:00Z
3
value 0.00109
scoring_system epss
scoring_elements 0.29175
published_at 2026-04-07T12:55:00Z
4
value 0.00109
scoring_system epss
scoring_elements 0.29239
published_at 2026-04-12T12:55:00Z
5
value 0.00109
scoring_system epss
scoring_elements 0.29279
published_at 2026-04-09T12:55:00Z
6
value 0.00109
scoring_system epss
scoring_elements 0.29285
published_at 2026-04-11T12:55:00Z
7
value 0.00109
scoring_system epss
scoring_elements 0.29186
published_at 2026-04-13T12:55:00Z
8
value 0.00109
scoring_system epss
scoring_elements 0.29213
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24734
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
4
reference_url https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:16:49Z/
url https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24734
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24734
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440426
reference_id 2440426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2440426
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734
reference_id CVE-2026-24734
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734
8
reference_url https://github.com/advisories/GHSA-mgp5-rv84-w37q
reference_id GHSA-mgp5-rv84-w37q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mgp5-rv84-w37q
9
reference_url https://access.redhat.com/errata/RHSA-2026:5611
reference_id RHSA-2026:5611
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5611
10
reference_url https://access.redhat.com/errata/RHSA-2026:5612
reference_id RHSA-2026:5612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5612
11
reference_url https://access.redhat.com/errata/RHSA-2026:6569
reference_id RHSA-2026:6569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6569
12
reference_url https://access.redhat.com/errata/RHSA-2026:8334
reference_id RHSA-2026:8334
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8334
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.115
purl pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.115
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.115
1
url pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.52
purl pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.52
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.52
2
url pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.18
purl pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rsxs-u5cc-rkgj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.18
aliases CVE-2026-24734, GHSA-mgp5-rv84-w37q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8war-4v58-eub2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.115