Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-u95s-xhwk-vka6

Summary

Insufficient Verification of Data Authenticity
The CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

Aliases

alias	CVE-2017-7674

Fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@7.0.79

purl pkg:maven/org.apache.tomcat/tomcat@7.0.79

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q1cf-qg1v-3ybr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.79

url pkg:maven/org.apache.tomcat/tomcat@8.0.45

purl pkg:maven/org.apache.tomcat/tomcat@8.0.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q1cf-qg1v-3ybr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.45

url pkg:maven/org.apache.tomcat/tomcat@8.5.16

purl pkg:maven/org.apache.tomcat/tomcat@8.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q1cf-qg1v-3ybr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.16

url pkg:maven/org.apache.tomcat/tomcat@9.0.1

purl pkg:maven/org.apache.tomcat/tomcat@9.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q1cf-qg1v-3ybr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.1

url pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.79

purl pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.79

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8fn4-hnez-y3eb

vulnerability	VCID-et9y-m4hb-43h7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.79

url	pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.16
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.16

url	pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M22
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M22
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M22

Affected_packages

url pkg:maven/org.apache.tomcat/tomcat@7.0.41

purl pkg:maven/org.apache.tomcat/tomcat@7.0.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.41

url pkg:maven/org.apache.tomcat/tomcat@7.0.50

purl pkg:maven/org.apache.tomcat/tomcat@7.0.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.50

url pkg:maven/org.apache.tomcat/tomcat@7.0.52

purl pkg:maven/org.apache.tomcat/tomcat@7.0.52

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.52

url pkg:maven/org.apache.tomcat/tomcat@7.0.78

purl pkg:maven/org.apache.tomcat/tomcat@7.0.78

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.78

url pkg:maven/org.apache.tomcat/tomcat@8.0

purl pkg:maven/org.apache.tomcat/tomcat@8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0

url pkg:maven/org.apache.tomcat/tomcat@8.0.44

purl pkg:maven/org.apache.tomcat/tomcat@8.0.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.44

url pkg:maven/org.apache.tomcat/tomcat@8.5.0

purl pkg:maven/org.apache.tomcat/tomcat@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.0

url pkg:maven/org.apache.tomcat/tomcat@8.5.15

purl pkg:maven/org.apache.tomcat/tomcat@8.5.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.15

url pkg:maven/org.apache.tomcat/tomcat@9.0.0

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-8xdc-3kn9-b3e6

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-fqyx-8pgs-uqgg

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-q1cf-qg1v-3ybr

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0

url pkg:maven/org.apache.tomcat/tomcat-catalina@7

purl pkg:maven/org.apache.tomcat/tomcat-catalina@7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7

url pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78

purl pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78

url pkg:maven/org.apache.tomcat/tomcat-catalina@8

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.44

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.44

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.15

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.15

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M21

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M21

url pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1

purl pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-xa95-zsnk-3kg9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1

References

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1480618
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1480618

reference_url	https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E

reference_url	https://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url	https://tomcat.apache.org/security-7.html

reference_url	https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url	https://tomcat.apache.org/security-8.html

reference_url	http://www.securityfocus.com/bid/100280
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100280

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7674
reference_id	CVE-2017-7674
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7674

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	345
name	Insufficient Verification of Data Authenticity
description	The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u95s-xhwk-vka6

Vulnerability Instance