Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-paqj-ye46-8bdb

Summary

Apache Tomcat vulnerable to Unprotected Transport of Credentials
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

Aliases

alias	CVE-2023-28708

alias	GHSA-2c9m-w27f-53rm

Fixed_packages

url	pkg:apache/tomcat@8.5.86
purl	pkg:apache/tomcat@8.5.86
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.86

url	pkg:apache/tomcat@9.0.72
purl	pkg:apache/tomcat@9.0.72
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.72

url	pkg:apache/tomcat@10.1.6
purl	pkg:apache/tomcat@10.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.6

url	pkg:apache/tomcat@11.0.0-M3
purl	pkg:apache/tomcat@11.0.0-M3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M3

url	pkg:deb/debian/tomcat10@10.1.6-1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.6-1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.52-1~deb12u1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.55-1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.55-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.55-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u6?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u6%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat@8.5.86

purl pkg:maven/org.apache.tomcat/tomcat@8.5.86

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5udv-rheh-kqfy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.86

url	pkg:maven/org.apache.tomcat/tomcat@9.0.72
purl	pkg:maven/org.apache.tomcat/tomcat@9.0.72
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.72

url	pkg:maven/org.apache.tomcat/tomcat@10.1.6
purl	pkg:maven/org.apache.tomcat/tomcat@10.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.6

url	pkg:maven/org.apache.tomcat/tomcat@11.0.0-M3
purl	pkg:maven/org.apache.tomcat/tomcat@11.0.0-M3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M3

url	pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.86
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.86
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.86

url	pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.72
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.72
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.72

url	pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.6
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.6

url	pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M3
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M3

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.86

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.72

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.6

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0

Affected_packages

url pkg:apache/tomcat@8.5.0

purl pkg:apache/tomcat@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-9gz4-7etq-pyba

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-m7ja-6efp-tyh1

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-qthw-u9bp-zkdp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rhtz-91ke-kfbj

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.0

url pkg:apache/tomcat@8.5.85

purl pkg:apache/tomcat@8.5.85

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kbpn-7esm-77ew

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@8.5.85

url pkg:apache/tomcat@9.0.0-M1

purl pkg:apache/tomcat@9.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-cxjh-uh21-skh4

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-ja5v-v682-ekd1

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.0-M1

url pkg:apache/tomcat@9.0.71

purl pkg:apache/tomcat@9.0.71

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.71

url pkg:apache/tomcat@10.1.0-M1

purl pkg:apache/tomcat@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-6kdt-2q2t-aqgy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-ac8p-uerd-ubfj

vulnerability	VCID-bxwn-g8gu-kkbn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-cxjh-uh21-skh4

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hf8e-m14m-mbcx

vulnerability	VCID-hssj-zqwx-9bc9

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-ja5v-v682-ekd1

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-kbn3-5swu-cubg

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-ujxe-ggfj-k3bh

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vhbh-3a89-x7cw

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-z4zd-puyg-g3bz

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M1

url pkg:apache/tomcat@10.1.5

purl pkg:apache/tomcat@10.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.5

url pkg:apache/tomcat@11.0.0-M1

purl pkg:apache/tomcat@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-6kdt-2q2t-aqgy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-ac8p-uerd-ubfj

vulnerability	VCID-bxwn-g8gu-kkbn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-cxjh-uh21-skh4

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-h1tj-yzq6-93ew

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hf8e-m14m-mbcx

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-ja5v-v682-ekd1

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-kbn3-5swu-cubg

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-ujxe-ggfj-k3bh

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vhbh-3a89-x7cw

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-z4zd-puyg-g3bz

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M1

url pkg:apache/tomcat@11.0.0-M2

purl pkg:apache/tomcat@11.0.0-M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-82xn-mh3g-f7h3

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M2

url pkg:maven/org.apache.tomcat/tomcat@8.5.0

purl pkg:maven/org.apache.tomcat/tomcat@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-2mj1-8nz1-43cd

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-6umz-z8db-kqcy

vulnerability	VCID-7fh9-36qs-jfg5

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-9gz4-7etq-pyba

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-em96-kd99-3kf8

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hqzu-shyu-j3hp

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-jhm9-cqu3-7yce

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-jzta-navk-87bn

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-m7ja-6efp-tyh1

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-q7g1-m4e7-pya4

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-qthw-u9bp-zkdp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rhtz-91ke-kfbj

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-s37s-p75k-27e6

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-tcmv-6ftg-fqen

vulnerability	VCID-u95s-xhwk-vka6

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-y9hs-ymcm-3ucx

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.0

url pkg:maven/org.apache.tomcat/tomcat@8.5.85

purl pkg:maven/org.apache.tomcat/tomcat@8.5.85

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-kbpn-7esm-77ew

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.85

url pkg:maven/org.apache.tomcat/tomcat@9.0.0-M1

purl pkg:maven/org.apache.tomcat/tomcat@9.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-cxjh-uh21-skh4

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-ja5v-v682-ekd1

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-wmrh-m1m3-uyav

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0-M1

url pkg:maven/org.apache.tomcat/tomcat@9.0.71

purl pkg:maven/org.apache.tomcat/tomcat@9.0.71

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.71

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-2qhv-x4j1-jqa7

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-4q7w-adqc-kydu

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-6kdt-2q2t-aqgy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-98rd-f7ys-y7b9

vulnerability	VCID-9awt-9zjq-yucn

vulnerability	VCID-ac8p-uerd-ubfj

vulnerability	VCID-bxwn-g8gu-kkbn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-cxjh-uh21-skh4

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hf8e-m14m-mbcx

vulnerability	VCID-hssj-zqwx-9bc9

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-ja5v-v682-ekd1

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-kbn3-5swu-cubg

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-ujxe-ggfj-k3bh

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vhbh-3a89-x7cw

vulnerability	VCID-vvqm-vk3g-kuh8

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-z4zd-puyg-g3bz

vulnerability	VCID-zba8-2zc4-9qfh

vulnerability	VCID-zq8t-zucq-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1

url pkg:maven/org.apache.tomcat/tomcat@10.1.5

purl pkg:maven/org.apache.tomcat/tomcat@10.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.5

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-6kdt-2q2t-aqgy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-ac8p-uerd-ubfj

vulnerability	VCID-bxwn-g8gu-kkbn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-cxjh-uh21-skh4

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-h1tj-yzq6-93ew

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hf8e-m14m-mbcx

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-ja5v-v682-ekd1

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-kbn3-5swu-cubg

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-ujxe-ggfj-k3bh

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vhbh-3a89-x7cw

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-z4zd-puyg-g3bz

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M2

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-82xn-mh3g-f7h3

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M2

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-1kgu-zupu-tydw

vulnerability	VCID-3nsr-9s9y-ckft

vulnerability	VCID-4nx6-t8vd-bqcu

vulnerability	VCID-9e2b-7qtg-tbaj

vulnerability	VCID-axzz-cadr-b7fv

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-dast-z2hv-2yfe

vulnerability	VCID-dbu6-fhrs-aubn

vulnerability	VCID-dk58-p9py-rka9

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-gmjm-6ck2-skgu

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-m7ja-6efp-tyh1

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-qth9-7326-hffp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rhtz-91ke-kfbj

vulnerability	VCID-rk89-9dw5-w3gg

vulnerability	VCID-se44-f85s-xyex

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-w317-p36z-fya3

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-xa95-zsnk-3kg9

vulnerability	VCID-xns8-63b5-guf2

vulnerability	VCID-y4a2-mamb-yqg6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0-M1

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-urhs-6aus-syb1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0-M1

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.0-M1

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-wcnj-bna8-7fh7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.0-M1

url pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M1

purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-y4a2-mamb-yqg6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M1

url pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1?arch=el7jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1?arch=el7jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1%3Farch=el7jws

url pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1?arch=el8jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1?arch=el8jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1%3Farch=el8jws

url pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1?arch=el9jws

purl pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1?arch=el9jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat@9.0.62-15.redhat_00013.1%3Farch=el9jws

url pkg:rpm/redhat/tomcat@1:9.0.62-27?arch=el8_9

purl pkg:rpm/redhat/tomcat@1:9.0.62-27?arch=el8_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.62-27%3Farch=el8_9

url pkg:rpm/redhat/tomcat@1:9.0.62-37?arch=el9_3

purl pkg:rpm/redhat/tomcat@1:9.0.62-37?arch=el9_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m1k8-9pwc-1qb9

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-ryby-gbcx-33ec

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:9.0.62-37%3Farch=el9_3

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28708.json

reference_url

https://bz.apache.org/bugzilla/show_bug.cgi?id=66471

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bz.apache.org/bugzilla/show_bug.cgi?id=66471

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab

reference_url

https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510

reference_url

https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/c64d496dda1560b5df113be55fbfaefec349b50f

reference_url

https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b

reference_url

https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

reference_url

https://security.netapp.com/advisory/ntap-20230331-0012

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230331-0012

reference_url

https://tomcat.apache.org/security-10.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html

reference_url

https://tomcat.apache.org/security-11.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html

reference_url

https://tomcat.apache.org/security-8.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-8.html

reference_url

https://tomcat.apache.org/security-9.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2180856
reference_id	2180856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2180856

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708

reference_id

CVE-2023-28708

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-28708

reference_id

CVE-2023-28708

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28708

reference_url	https://github.com/advisories/GHSA-2c9m-w27f-53rm
reference_id	GHSA-2c9m-w27f-53rm
reference_type
scores
url	https://github.com/advisories/GHSA-2c9m-w27f-53rm

reference_url	https://access.redhat.com/errata/RHSA-2023:4909
reference_id	RHSA-2023:4909
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4909

reference_url	https://access.redhat.com/errata/RHSA-2023:4910
reference_id	RHSA-2023:4910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4910

reference_url	https://access.redhat.com/errata/RHSA-2023:6570
reference_id	RHSA-2023:6570
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6570

reference_url	https://access.redhat.com/errata/RHSA-2023:7065
reference_id	RHSA-2023:7065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7065

Weaknesses

cwe_id	523
name	Unprotected Transport of Credentials
description	Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exploits

Severity_range_score 4.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-paqj-ye46-8bdb

Vulnerability Instance