Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6uuq-2a39-yubx

Summary

Uncontrolled Resource Consumption in Apache Tomcat
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Aliases

alias	CVE-2014-0230

alias	GHSA-pxcx-cxq8-4mmw

Fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@6.0.44

purl pkg:maven/org.apache.tomcat/tomcat@6.0.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n4zk-mdyw-3fcz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.44

url	pkg:maven/org.apache.tomcat/tomcat@7.0.55
purl	pkg:maven/org.apache.tomcat/tomcat@7.0.55
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.55

url	pkg:maven/org.apache.tomcat/tomcat@8.0.9
purl	pkg:maven/org.apache.tomcat/tomcat@8.0.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.9

Affected_packages

url pkg:maven/org.apache.tomcat/tomcat@6.0.0

purl pkg:maven/org.apache.tomcat/tomcat@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2kjh-4r2g-rqe6

vulnerability	VCID-46sr-9kr3-1ubw

vulnerability	VCID-4t2h-jjhm-y7fq

vulnerability	VCID-5m85-3zyu-7qak

vulnerability	VCID-6uuq-2a39-yubx

vulnerability	VCID-74c7-a56p-kufz

vulnerability	VCID-7787-4bwm-efgq

vulnerability	VCID-89e9-m968-vfhe

vulnerability	VCID-9hm5-e4dw-6ffe

vulnerability	VCID-9j31-459b-4qbm

vulnerability	VCID-aar2-398x-p3d8

vulnerability	VCID-atus-ryef-17h1

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-crhe-rt8j-wycu

vulnerability	VCID-eawm-8v9w-yfap

vulnerability	VCID-eygg-nt7y-qubh

vulnerability	VCID-f4ka-47dk-zffs

vulnerability	VCID-fu9h-e3jx-abe2

vulnerability	VCID-fuxz-fqw3-ufa9

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-jw6e-g8z9-43ej

vulnerability	VCID-kxc3-vz2c-wqca

vulnerability	VCID-n4zk-mdyw-3fcz

vulnerability	VCID-pq53-6deg-abfx

vulnerability	VCID-pzkk-4e94-aqag

vulnerability	VCID-qz87-x4zb-rud7

vulnerability	VCID-qzyq-d6qk-67ag

vulnerability	VCID-rdr4-db3y-p3cz

vulnerability	VCID-redv-2x5y-8khx

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-t3ya-1w1r-h3dv

vulnerability	VCID-t4mh-zvhq-27du

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-vsta-e8jg-4qa8

vulnerability	VCID-w8uj-zy2r-fyca

vulnerability	VCID-wg7f-pjmn-uudk

vulnerability	VCID-wtke-y2cx-x3et

vulnerability	VCID-y9yv-u4jh-mqew

vulnerability	VCID-yswq-hnqg-sycs

vulnerability	VCID-yvcg-96dp-r7e6

vulnerability	VCID-zm75-zwps-h3fv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.0

url pkg:maven/org.apache.tomcat/tomcat@7.0.0

purl pkg:maven/org.apache.tomcat/tomcat@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a1b-3pdg-jbfq

vulnerability	VCID-2kjh-4r2g-rqe6

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-46sr-9kr3-1ubw

vulnerability	VCID-4qcn-52ug-mbd5

vulnerability	VCID-4t2h-jjhm-y7fq

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5m85-3zyu-7qak

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-6uuq-2a39-yubx

vulnerability	VCID-74c7-a56p-kufz

vulnerability	VCID-89e9-m968-vfhe

vulnerability	VCID-937w-2w2q-7fdy

vulnerability	VCID-9hm5-e4dw-6ffe

vulnerability	VCID-aar2-398x-p3d8

vulnerability	VCID-atus-ryef-17h1

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-e2gy-1c6a-6fdf

vulnerability	VCID-e72e-axdj-7qfw

vulnerability	VCID-f4ka-47dk-zffs

vulnerability	VCID-fu9h-e3jx-abe2

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-j1m6-79yt-f7h5

vulnerability	VCID-jw6e-g8z9-43ej

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-nnye-4xbb-kuf5

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-pq53-6deg-abfx

vulnerability	VCID-qhqg-ekuv-z7fc

vulnerability	VCID-redv-2x5y-8khx

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-sk1w-8yt4-93cv

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-vsta-e8jg-4qa8

vulnerability	VCID-wtke-y2cx-x3et

vulnerability	VCID-xjj5-fy4e-e7ha

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-yusx-ncpv-sfhg

vulnerability	VCID-yvcg-96dp-r7e6

vulnerability	VCID-zm75-zwps-h3fv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.0

url pkg:maven/org.apache.tomcat/tomcat@8.0.0

purl pkg:maven/org.apache.tomcat/tomcat@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a1b-3pdg-jbfq

vulnerability	VCID-2kjh-4r2g-rqe6

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-6uuq-2a39-yubx

vulnerability	VCID-937w-2w2q-7fdy

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-fukm-h3r6-s7cr

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-j1m6-79yt-f7h5

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-nnye-4xbb-kuf5

vulnerability	VCID-pq53-6deg-abfx

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-xjj5-fy4e-e7ha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.0

References

reference_url	http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E
reference_id
reference_type
scores
url	http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E

reference_url	http://marc.info/?l=bugtraq&m=144498216801440&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=144498216801440&w=2

reference_url	http://marc.info/?l=bugtraq&m=145974991225029&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145974991225029&w=2

reference_url	http://openwall.com/lists/oss-security/2015/04/10/1
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2015/04/10/1

reference_url	http://rhn.redhat.com/errata/RHSA-2015-1622.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-1622.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0595.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0595.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0596.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0596.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0597.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0597.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0598.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0598.html

reference_url	https://access.redhat.com/errata/RHSA-2015:2659
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2659

reference_url	https://access.redhat.com/errata/RHSA-2015:2660
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2660

reference_url	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
reference_id
reference_type
scores
url	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

reference_url	https://issues.jboss.org/browse/JWS-219
reference_id
reference_type
scores
url	https://issues.jboss.org/browse/JWS-219

reference_url	https://issues.jboss.org/browse/JWS-220
reference_id
reference_type
scores
url	https://issues.jboss.org/browse/JWS-220

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1603770
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1603770

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1603775
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1603775

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1603779
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1603779

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-7.html

reference_url	http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-8.html

reference_url	http://www.debian.org/security/2016/dsa-3447
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3447

reference_url	http://www.debian.org/security/2016/dsa-3530
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3530

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

reference_url	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

reference_url	http://www.ubuntu.com/usn/USN-2654-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2654-1

reference_url	http://www.ubuntu.com/usn/USN-2655-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2655-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2014-0230
reference_id	CVE-2014-0230
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2014-0230

reference_url	https://github.com/advisories/GHSA-pxcx-cxq8-4mmw
reference_id	GHSA-pxcx-cxq8-4mmw
reference_type
scores
url	https://github.com/advisories/GHSA-pxcx-cxq8-4mmw

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	399
name	Resource Management Errors
description	Weaknesses in this category are related to improper management of system resources.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6uuq-2a39-yubx

Vulnerability Instance