Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-tcmv-6ftg-fqen

Summary

Information Exposure Through Timing Discrepancy
The Realm implementations in Apache Tomcat does not process the supplied password if the supplied user name did not exist which makes it possible to use a timing attack to determine valid user names.

Aliases

alias	CVE-2016-0762

alias	GHSA-wxcp-f2c8-x6xv

Fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@6.0.46
purl	pkg:maven/org.apache.tomcat/tomcat@6.0.46
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.46

url	pkg:maven/org.apache.tomcat/tomcat@7.0.72
purl	pkg:maven/org.apache.tomcat/tomcat@7.0.72
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.72

url	pkg:maven/org.apache.tomcat/tomcat@8.0.37
purl	pkg:maven/org.apache.tomcat/tomcat@8.0.37
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.37

url pkg:maven/org.apache.tomcat/tomcat@8.5.5

purl pkg:maven/org.apache.tomcat/tomcat@8.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8xdc-3kn9-b3e6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.5

url	pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10
purl	pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M10

url	pkg:maven/tomcat/catalina@6.0.47
purl	pkg:maven/tomcat/catalina@6.0.47
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/tomcat/catalina@6.0.47

Affected_packages

url pkg:maven/org.apache.tomcat/tomcat@6.0.0

purl pkg:maven/org.apache.tomcat/tomcat@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kjh-4r2g-rqe6

vulnerability	VCID-46sr-9kr3-1ubw

vulnerability	VCID-4t2h-jjhm-y7fq

vulnerability	VCID-5m85-3zyu-7qak

vulnerability	VCID-6uuq-2a39-yubx

vulnerability	VCID-74c7-a56p-kufz

vulnerability	VCID-7787-4bwm-efgq

vulnerability	VCID-89e9-m968-vfhe

vulnerability	VCID-9hm5-e4dw-6ffe

vulnerability	VCID-9j31-459b-4qbm

vulnerability	VCID-aar2-398x-p3d8

vulnerability	VCID-atus-ryef-17h1

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-crhe-rt8j-wycu

vulnerability	VCID-eawm-8v9w-yfap

vulnerability	VCID-eygg-nt7y-qubh

vulnerability	VCID-f4ka-47dk-zffs

vulnerability	VCID-fu9h-e3jx-abe2

vulnerability	VCID-fuxz-fqw3-ufa9

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-jw6e-g8z9-43ej

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-n4zk-mdyw-3fcz

vulnerability	VCID-pq53-6deg-abfx

vulnerability	VCID-pzkk-4e94-aqag

vulnerability	VCID-qz87-x4zb-rud7

vulnerability	VCID-qzyq-d6qk-67ag

vulnerability	VCID-rdr4-db3y-p3cz

vulnerability	VCID-redv-2x5y-8khx

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-t3ya-1w1r-h3dv

vulnerability	VCID-t4mh-zvhq-27du

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-vsta-e8jg-4qa8

vulnerability	VCID-w8uj-zy2r-fyca

vulnerability	VCID-wg7f-pjmn-uudk

vulnerability	VCID-wtke-y2cx-x3et

vulnerability	VCID-y9yv-u4jh-mqew

vulnerability	VCID-yswq-hnqg-sycs

vulnerability	VCID-yvcg-96dp-r7e6

vulnerability	VCID-zm75-zwps-h3fv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.0

url pkg:maven/org.apache.tomcat/tomcat@6.0.45

purl pkg:maven/org.apache.tomcat/tomcat@6.0.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.45

url pkg:maven/org.apache.tomcat/tomcat@7.0.0

purl pkg:maven/org.apache.tomcat/tomcat@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a1b-3pdg-jbfq

vulnerability	VCID-2kjh-4r2g-rqe6

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-46sr-9kr3-1ubw

vulnerability	VCID-4qcn-52ug-mbd5

vulnerability	VCID-4t2h-jjhm-y7fq

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5m85-3zyu-7qak

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-6uuq-2a39-yubx

vulnerability	VCID-74c7-a56p-kufz

vulnerability	VCID-89e9-m968-vfhe

vulnerability	VCID-937w-2w2q-7fdy

vulnerability	VCID-9hm5-e4dw-6ffe

vulnerability	VCID-aar2-398x-p3d8

vulnerability	VCID-atus-ryef-17h1

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-e2gy-1c6a-6fdf

vulnerability	VCID-e72e-axdj-7qfw

vulnerability	VCID-f4ka-47dk-zffs

vulnerability	VCID-fu9h-e3jx-abe2

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-j1m6-79yt-f7h5

vulnerability	VCID-jw6e-g8z9-43ej

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-nnye-4xbb-kuf5

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-pq53-6deg-abfx

vulnerability	VCID-qhqg-ekuv-z7fc

vulnerability	VCID-redv-2x5y-8khx

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-sk1w-8yt4-93cv

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-vsta-e8jg-4qa8

vulnerability	VCID-wtke-y2cx-x3et

vulnerability	VCID-xjj5-fy4e-e7ha

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-yusx-ncpv-sfhg

vulnerability	VCID-yvcg-96dp-r7e6

vulnerability	VCID-zm75-zwps-h3fv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.0

url pkg:maven/org.apache.tomcat/tomcat@8.0.0.RC1

purl pkg:maven/org.apache.tomcat/tomcat@8.0.0.RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5m85-3zyu-7qak

vulnerability	VCID-e2gy-1c6a-6fdf

vulnerability	VCID-n4zk-mdyw-3fcz

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.0.RC1

url pkg:maven/org.apache.tomcat/tomcat@8.0.36

purl pkg:maven/org.apache.tomcat/tomcat@8.0.36

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.36

url pkg:maven/org.apache.tomcat/tomcat@8.5.0

purl pkg:maven/org.apache.tomcat/tomcat@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.0

url pkg:maven/org.apache.tomcat/tomcat@8.5.4

purl pkg:maven/org.apache.tomcat/tomcat@8.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.4

url pkg:maven/org.apache.tomcat/tomcat@9.0.0M1

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j1m6-79yt-f7h5

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0M1

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M9

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M9

url pkg:maven/tomcat/catalina@6.0.0

purl pkg:maven/tomcat/catalina@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/tomcat/catalina@6.0.0

url pkg:maven/tomcat/catalina@6.0.45

purl pkg:maven/tomcat/catalina@6.0.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/tomcat/catalina@6.0.45

References

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0457.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0457.html

reference_url	https://access.redhat.com/errata/RHSA-2017:0455
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0455

reference_url	https://access.redhat.com/errata/RHSA-2017:0456
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0456

reference_url	https://access.redhat.com/errata/RHSA-2017:2247
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2247

reference_url	https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://security.netapp.com/advisory/ntap-20180605-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180605-0001/

reference_url	https://usn.ubuntu.com/4557-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4557-1/

reference_url	https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url	https://www.oracle.com//security-alerts/cpujul2021.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	http://www.debian.org/security/2016/dsa-3720
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3720

reference_url	http://www.securityfocus.com/bid/93939
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/93939

reference_url	http://www.securitytracker.com/id/1037144
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037144

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-0762
reference_id	CVE-2016-0762
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-0762

reference_url	https://github.com/advisories/GHSA-wxcp-f2c8-x6xv
reference_id	GHSA-wxcp-f2c8-x6xv
reference_type
scores
url	https://github.com/advisories/GHSA-wxcp-f2c8-x6xv

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	203
name	Observable Discrepancy
description	The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcmv-6ftg-fqen

Vulnerability Instance