Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xra9-q91u-rfd5

Summary

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Aliases

alias	CVE-2015-5345

alias	GHSA-rh8q-vjgf-gf74

Fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@6.0.45

purl pkg:maven/org.apache.tomcat/tomcat@6.0.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-tcmv-6ftg-fqen

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.45

url	pkg:maven/org.apache.tomcat/tomcat@7.0.68
purl	pkg:maven/org.apache.tomcat/tomcat@7.0.68
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.68

url pkg:maven/org.apache.tomcat/tomcat@8.0.30

purl pkg:maven/org.apache.tomcat/tomcat@8.0.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e2gy-1c6a-6fdf

vulnerability	VCID-n4zk-mdyw-3fcz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.30

url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j1m6-79yt-f7h5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2

Affected_packages

References

reference_url	https://access.redhat.com/errata/RHSA-2016:1087
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1087

reference_url	https://access.redhat.com/errata/RHSA-2016:1088
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1088

reference_url	https://bto.bluecoat.com/security-advisory/sa118
reference_id
reference_type
scores
url	https://bto.bluecoat.com/security-advisory/sa118

reference_url	https://bz.apache.org/bugzilla/show_bug.cgi?id=58765
reference_id
reference_type
scores
url	https://bz.apache.org/bugzilla/show_bug.cgi?id=58765

reference_url	https://github.com/apache/tomcat
reference_id
reference_type
scores
url	https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat80/commit/2b643a4e36d318d55ec57fee57610671656d23c0
reference_id
reference_type
scores
url	https://github.com/apache/tomcat80/commit/2b643a4e36d318d55ec57fee57610671656d23c0

reference_url	https://github.com/apache/tomcat80/commit/c15c2aba8eb42425f9ebcfcaef579dada38ad3a2
reference_id
reference_type
scores
url	https://github.com/apache/tomcat80/commit/c15c2aba8eb42425f9ebcfcaef579dada38ad3a2

reference_url	https://github.com/apache/tomcat/commit/127d8ea86d245846f0472865f0eb1eb111955e71
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/127d8ea86d245846f0472865f0eb1eb111955e71

reference_url	https://github.com/apache/tomcat/commit/58c09b6217c546e1a251a82da227018f05277228
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/58c09b6217c546e1a251a82da227018f05277228

reference_url	https://github.com/apache/tomcat/commit/66daa4adc14b3e939659879153c0a579fdfcb099
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/66daa4adc14b3e939659879153c0a579fdfcb099

reference_url	https://github.com/apache/tomcat/commit/7288bc70a14edcfeff0a96e333a858be374cfc64
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/7288bc70a14edcfeff0a96e333a858be374cfc64

reference_url	https://github.com/apache/tomcat/commit/816552abf6735fa37dfd37c8a7bfbdbd045477e0
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/816552abf6735fa37dfd37c8a7bfbdbd045477e0

reference_url	https://github.com/apache/tomcat/commit/8437193708e4bf6b2861a7953dc472f9dad49111
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/8437193708e4bf6b2861a7953dc472f9dad49111

reference_url	https://github.com/apache/tomcat/commit/89cd0cf33a99dbbcf5c69050a83b6876e39269d7
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/89cd0cf33a99dbbcf5c69050a83b6876e39269d7

reference_url	https://github.com/apache/tomcat/commit/a273b5f45cb46a273d06510a689fc314155a952d
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/a273b5f45cb46a273d06510a689fc314155a952d

reference_url	https://github.com/apache/tomcat/commit/c584c7c4ab0686e4125eefcd0afb32fb8269da3d
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/c584c7c4ab0686e4125eefcd0afb32fb8269da3d

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10156
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10156

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

reference_url	https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201705-09

reference_url	https://security.netapp.com/advisory/ntap-20180531-0001
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180531-0001

reference_url	https://web.archive.org/web/20160321235514/http://www.securitytracker.com/id/1035071
reference_id
reference_type
scores
url	https://web.archive.org/web/20160321235514/http://www.securitytracker.com/id/1035071

reference_url	https://web.archive.org/web/20160804024910/http://www.securityfocus.com/bid/83328
reference_id
reference_type
scores
url	https://web.archive.org/web/20160804024910/http://www.securityfocus.com/bid/83328

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-5345
reference_id	CVE-2015-5345
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-5345

reference_url	https://github.com/advisories/GHSA-rh8q-vjgf-gf74
reference_id	GHSA-rh8q-vjgf-gf74
reference_type
scores
url	https://github.com/advisories/GHSA-rh8q-vjgf-gf74

Weaknesses

cwe_id	22
name	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xra9-q91u-rfd5

Vulnerability Instance