Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-47v1-3uxc-zkaj

Summary

Improper Access Control
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Aliases

alias	CVE-2016-5388

alias	GHSA-v646-rx6w-r3qq

Fixed_packages

url	pkg:deb/debian/tomcat9@0?distro=trixie
purl	pkg:deb/debian/tomcat9@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@0%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.72

purl pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.72

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8fn4-hnez-y3eb

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-et9y-m4hb-43h7

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.72

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.5

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-wmrh-m1m3-uyav

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.5

Affected_packages

url pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.0

purl pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-8fn4-hnez-y3eb

vulnerability	VCID-937w-2w2q-7fdy

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-et9y-m4hb-43h7

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-qthw-u9bp-zkdp

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xjj5-fy4e-e7ha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.0

url pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.0

purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-937w-2w2q-7fdy

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-xjj5-fy4e-e7ha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.0

url pkg:rpm/redhat/httpd24@2.4.6-62.ep7?arch=el6

purl pkg:rpm/redhat/httpd24@2.4.6-62.ep7?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-duan-fz4r-uydy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd24@2.4.6-62.ep7%3Farch=el6

url pkg:rpm/redhat/httpd24@2.4.6-62.ep7?arch=el7

purl pkg:rpm/redhat/httpd24@2.4.6-62.ep7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-duan-fz4r-uydy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd24@2.4.6-62.ep7%3Farch=el7

url pkg:rpm/redhat/tomcat@7.0.54-8?arch=el7_2

purl pkg:rpm/redhat/tomcat@7.0.54-8?arch=el7_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kjh-4r2g-rqe6

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-e2gy-1c6a-6fdf

vulnerability	VCID-fgjp-2fh1-nfg4

vulnerability	VCID-utz2-w3qu-9kav

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@7.0.54-8%3Farch=el7_2

url pkg:rpm/redhat/tomcat6@6.0.24-98?arch=el6_8

purl pkg:rpm/redhat/tomcat6@6.0.24-98?arch=el6_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-5m85-3zyu-7qak

vulnerability	VCID-n4zk-mdyw-3fcz

vulnerability	VCID-utz2-w3qu-9kav

vulnerability	VCID-xra9-q91u-rfd5

vulnerability	VCID-zrc5-bf77-aygn

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat6@6.0.24-98%3Farch=el6_8

url pkg:rpm/redhat/tomcat7@7.0.59-51_patch_01.ep7?arch=el6

purl pkg:rpm/redhat/tomcat7@7.0.59-51_patch_01.ep7?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-duan-fz4r-uydy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat7@7.0.59-51_patch_01.ep7%3Farch=el6

url pkg:rpm/redhat/tomcat7@7.0.59-51_patch_01.ep7?arch=el7

purl pkg:rpm/redhat/tomcat7@7.0.59-51_patch_01.ep7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-duan-fz4r-uydy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat7@7.0.59-51_patch_01.ep7%3Farch=el7

url pkg:rpm/redhat/tomcat8@8.0.18-62_patch_01.ep7?arch=el6

purl pkg:rpm/redhat/tomcat8@8.0.18-62_patch_01.ep7?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-duan-fz4r-uydy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat8@8.0.18-62_patch_01.ep7%3Farch=el6

url pkg:rpm/redhat/tomcat8@8.0.18-62_patch_01.ep7?arch=el7

purl pkg:rpm/redhat/tomcat8@8.0.18-62_patch_01.ep7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47v1-3uxc-zkaj

vulnerability	VCID-duan-fz4r-uydy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat8@8.0.18-62_patch_01.ep7%3Farch=el7

References

reference_url	http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2045.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2045.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2046.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2046.html

reference_url

https://access.redhat.com/errata/RHSA-2016:1624

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1624

reference_url

https://access.redhat.com/errata/RHSA-2016:1635

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1635

reference_url

https://access.redhat.com/errata/RHSA-2016:1636

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1636

reference_url

https://access.redhat.com/errata/RHSA-2016:2045

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:2045

reference_url

https://access.redhat.com/errata/RHSA-2016:2046

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:2046

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5388.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5388.json

reference_url

https://access.redhat.com/security/cve/CVE-2016-5388

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2016-5388

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5388

reference_id

reference_type

scores

value	0.3676
scoring_system	epss
scoring_elements	0.97229
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5388

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1353809

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1353809

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat70/commit/880250877b0643956435282afb9c111450cfff4c
reference_id
reference_type
scores
url	https://github.com/apache/tomcat70/commit/880250877b0643956435282afb9c111450cfff4c

reference_url	https://github.com/apache/tomcat80/commit/1977bf9df699c571cf3e08c2996533b959d4cb1e
reference_id
reference_type
scores
url	https://github.com/apache/tomcat80/commit/1977bf9df699c571cf3e08c2996533b959d4cb1e

reference_url	https://github.com/apache/tomcat85/commit/1b91e91194a095ea922f96d1dccddf6fbc446e54
reference_id
reference_type
scores
url	https://github.com/apache/tomcat85/commit/1b91e91194a095ea922f96d1dccddf6fbc446e54

reference_url

https://github.com/apache/tomcat/commit/1b91e91194a095ea922f96d1dccddf6fbc446e54

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1b91e91194a095ea922f96d1dccddf6fbc446e54

reference_url

https://github.com/apache/tomcat/commit/880250877b0643956435282afb9c111450cfff4c

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/880250877b0643956435282afb9c111450cfff4c

reference_url

https://github.com/apache/tomcat/commit/fb3569fbb9a2f55459aa8e1e22bc35a737e66329

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/fb3569fbb9a2f55459aa8e1e22bc35a737e66329

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us

reference_url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

reference_url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759

reference_url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

reference_url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39@%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39@%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html

reference_url

https://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html

reference_url

https://rhn.redhat.com/errata/RHSA-2016-1624.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2016-1624.html

reference_url

https://rhn.redhat.com/errata/RHSA-2016-2045.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2016-2045.html

reference_url

https://rhn.redhat.com/errata/RHSA-2016-2046.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2016-2046.html

reference_url

https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

reference_url

https://www.apache.org/security/asf-httpoxy-response.txt

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.apache.org/security/asf-httpoxy-response.txt

reference_url

https://www.kb.cert.org/vuls/id/797896

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.kb.cert.org/vuls/id/797896

reference_url	http://www.kb.cert.org/vuls/id/797896
reference_id
reference_type
scores
url	http://www.kb.cert.org/vuls/id/797896

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5388

reference_id

CVE-2016-5388

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5388

reference_url	https://github.com/advisories/GHSA-v646-rx6w-r3qq
reference_id	GHSA-v646-rx6w-r3qq
reference_type
scores
url	https://github.com/advisories/GHSA-v646-rx6w-r3qq

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	284
name	Improper Access Control
description	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

Severity_range_score 3.5 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47v1-3uxc-zkaj

Vulnerability Instance