Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-xqrn-wuv5-x7de
SummaryApache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
Aliases
0
alias CVE-2011-2481
1
alias GHSA-r7c8-hghc-2mp8
Fixed_packages
0
url pkg:apache/tomcat@7.0.19
purl pkg:apache/tomcat@7.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-618c-ar98-qfcr
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.19
1
url pkg:ebuild/www-servers/tomcat@7.0.23
purl pkg:ebuild/www-servers/tomcat@7.0.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23
Affected_packages
0
url pkg:apache/tomcat@7.0.0
purl pkg:apache/tomcat@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18q4-zark-s7a7
1
vulnerability VCID-1k8f-vsg1-k3d6
2
vulnerability VCID-241m-q6vd-kudk
3
vulnerability VCID-2sbh-sy57-3uez
4
vulnerability VCID-3cr9-g81m-4ugy
5
vulnerability VCID-3n4t-bvb1-5qer
6
vulnerability VCID-3r3s-q21j-c3au
7
vulnerability VCID-4aaa-errb-2qdw
8
vulnerability VCID-4mkw-7haq-pkgn
9
vulnerability VCID-5eqm-218u-p7gq
10
vulnerability VCID-618c-ar98-qfcr
11
vulnerability VCID-66kh-s6cr-tqf9
12
vulnerability VCID-68fk-4g86-ekbp
13
vulnerability VCID-7cpu-h5fr-8ffd
14
vulnerability VCID-7ej8-5f77-cybb
15
vulnerability VCID-886n-1vzv-syc6
16
vulnerability VCID-95d1-arxd-hkd1
17
vulnerability VCID-95fn-d2ad-qyg6
18
vulnerability VCID-9exq-fhv6-bbea
19
vulnerability VCID-a1by-zvtm-akdc
20
vulnerability VCID-a8gk-n8bq-87cp
21
vulnerability VCID-afm2-uj45-xkgx
22
vulnerability VCID-arkn-bca7-hqam
23
vulnerability VCID-c4jv-ws83-x7g2
24
vulnerability VCID-d9ys-kxh6-nkgr
25
vulnerability VCID-dhun-hj5q-dfch
26
vulnerability VCID-dzpn-w4b3-vbcm
27
vulnerability VCID-e2kr-7pmg-gfc9
28
vulnerability VCID-eb37-mkxf-7fgw
29
vulnerability VCID-f2zy-gq57-ufat
30
vulnerability VCID-fpuc-fe6m-47c6
31
vulnerability VCID-fyfz-6tr5-2fc7
32
vulnerability VCID-g7bk-891a-uufy
33
vulnerability VCID-gv12-4ruf-kfhq
34
vulnerability VCID-h9ds-trhx-m7aj
35
vulnerability VCID-hhk9-cr54-8fgc
36
vulnerability VCID-hmbm-5ysw-77bu
37
vulnerability VCID-hves-r5bg-yfes
38
vulnerability VCID-hxj6-mupf-abbc
39
vulnerability VCID-j2j9-avuw-n3eq
40
vulnerability VCID-jf7u-dvpd-b7f4
41
vulnerability VCID-kagr-74d9-kyhx
42
vulnerability VCID-kgd1-bzst-muh7
43
vulnerability VCID-kwab-3s4q-eka4
44
vulnerability VCID-kzzv-rhya-j7dd
45
vulnerability VCID-m1zd-uytj-3bej
46
vulnerability VCID-mctd-9zgv-5qgp
47
vulnerability VCID-mwk8-b5c9-kbb9
48
vulnerability VCID-n3ab-nk7c-hqc9
49
vulnerability VCID-n76n-ywja-rbhh
50
vulnerability VCID-p4dn-y54m-8fd1
51
vulnerability VCID-p6ch-pc73-b3ck
52
vulnerability VCID-pqxe-tfhk-47b7
53
vulnerability VCID-q6hm-mmfs-zka5
54
vulnerability VCID-quwu-ep21-cyew
55
vulnerability VCID-ruuh-g3fa-m7d8
56
vulnerability VCID-ryha-ndms-afbn
57
vulnerability VCID-ta1m-dh8x-nubc
58
vulnerability VCID-tcbc-3kgt-muam
59
vulnerability VCID-tfn5-6ckq-wyce
60
vulnerability VCID-tfrs-d458-tfaq
61
vulnerability VCID-vd1s-m27a-8ucc
62
vulnerability VCID-vdnj-sqmx-e3ep
63
vulnerability VCID-w82a-7kk2-p3f1
64
vulnerability VCID-xf8r-kqxb-7qdy
65
vulnerability VCID-xqrn-wuv5-x7de
66
vulnerability VCID-yfx4-4gsc-2kgh
67
vulnerability VCID-ygvw-69am-s7ae
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.0
1
url pkg:apache/tomcat@7.0.16
purl pkg:apache/tomcat@7.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mctd-9zgv-5qgp
1
vulnerability VCID-xqrn-wuv5-x7de
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@7.0.16
2
url pkg:maven/org.apache.tomcat/tomcat@7.0.0
purl pkg:maven/org.apache.tomcat/tomcat@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12du-1vyt-bkgx
1
vulnerability VCID-18q4-zark-s7a7
2
vulnerability VCID-1k8f-vsg1-k3d6
3
vulnerability VCID-1v6c-f56v-hqh1
4
vulnerability VCID-241m-q6vd-kudk
5
vulnerability VCID-2sbh-sy57-3uez
6
vulnerability VCID-3cr9-g81m-4ugy
7
vulnerability VCID-3n4t-bvb1-5qer
8
vulnerability VCID-3r3s-q21j-c3au
9
vulnerability VCID-4aaa-errb-2qdw
10
vulnerability VCID-4mkw-7haq-pkgn
11
vulnerability VCID-5eqm-218u-p7gq
12
vulnerability VCID-618c-ar98-qfcr
13
vulnerability VCID-66kh-s6cr-tqf9
14
vulnerability VCID-68fk-4g86-ekbp
15
vulnerability VCID-7cpu-h5fr-8ffd
16
vulnerability VCID-7ej8-5f77-cybb
17
vulnerability VCID-886n-1vzv-syc6
18
vulnerability VCID-8ebv-6941-jqdy
19
vulnerability VCID-95d1-arxd-hkd1
20
vulnerability VCID-95fn-d2ad-qyg6
21
vulnerability VCID-9exq-fhv6-bbea
22
vulnerability VCID-a1by-zvtm-akdc
23
vulnerability VCID-a8gk-n8bq-87cp
24
vulnerability VCID-afm2-uj45-xkgx
25
vulnerability VCID-arkn-bca7-hqam
26
vulnerability VCID-c4jv-ws83-x7g2
27
vulnerability VCID-d9ys-kxh6-nkgr
28
vulnerability VCID-dhun-hj5q-dfch
29
vulnerability VCID-dzpn-w4b3-vbcm
30
vulnerability VCID-e2kr-7pmg-gfc9
31
vulnerability VCID-eb37-mkxf-7fgw
32
vulnerability VCID-egye-da2v-4ybh
33
vulnerability VCID-f2zy-gq57-ufat
34
vulnerability VCID-fpuc-fe6m-47c6
35
vulnerability VCID-fyfz-6tr5-2fc7
36
vulnerability VCID-g7bk-891a-uufy
37
vulnerability VCID-g7eg-s99s-xqe7
38
vulnerability VCID-gv12-4ruf-kfhq
39
vulnerability VCID-gyed-x6s8-ybhr
40
vulnerability VCID-h9ds-trhx-m7aj
41
vulnerability VCID-hhk9-cr54-8fgc
42
vulnerability VCID-hmbm-5ysw-77bu
43
vulnerability VCID-hves-r5bg-yfes
44
vulnerability VCID-hxj6-mupf-abbc
45
vulnerability VCID-j2j9-avuw-n3eq
46
vulnerability VCID-jau7-gfz8-dkfa
47
vulnerability VCID-jf7u-dvpd-b7f4
48
vulnerability VCID-kagr-74d9-kyhx
49
vulnerability VCID-kgd1-bzst-muh7
50
vulnerability VCID-kwab-3s4q-eka4
51
vulnerability VCID-kyb8-rvyw-s7b1
52
vulnerability VCID-kzzv-rhya-j7dd
53
vulnerability VCID-m1zd-uytj-3bej
54
vulnerability VCID-mctd-9zgv-5qgp
55
vulnerability VCID-mwk8-b5c9-kbb9
56
vulnerability VCID-n3ab-nk7c-hqc9
57
vulnerability VCID-n76n-ywja-rbhh
58
vulnerability VCID-p4dn-y54m-8fd1
59
vulnerability VCID-p6ch-pc73-b3ck
60
vulnerability VCID-pqxe-tfhk-47b7
61
vulnerability VCID-q6hm-mmfs-zka5
62
vulnerability VCID-quwu-ep21-cyew
63
vulnerability VCID-r5rc-rdd9-bfbk
64
vulnerability VCID-rrdj-ssn7-zfdj
65
vulnerability VCID-ruuh-g3fa-m7d8
66
vulnerability VCID-ryha-ndms-afbn
67
vulnerability VCID-ta1m-dh8x-nubc
68
vulnerability VCID-tcbc-3kgt-muam
69
vulnerability VCID-tfn5-6ckq-wyce
70
vulnerability VCID-tfrs-d458-tfaq
71
vulnerability VCID-vd1s-m27a-8ucc
72
vulnerability VCID-vdnj-sqmx-e3ep
73
vulnerability VCID-w82a-7kk2-p3f1
74
vulnerability VCID-xf8r-kqxb-7qdy
75
vulnerability VCID-xqrn-wuv5-x7de
76
vulnerability VCID-yfx4-4gsc-2kgh
77
vulnerability VCID-ygvw-69am-s7ae
78
vulnerability VCID-zbbr-wded-9ffj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.0
3
url pkg:maven/org.apache.tomcat/tomcat@7.0.16
purl pkg:maven/org.apache.tomcat/tomcat@7.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mctd-9zgv-5qgp
1
vulnerability VCID-xqrn-wuv5-x7de
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.16
References
0
reference_url http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=139344343412337&w=2
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2481.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2481.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2481
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.4753
published_at 2026-04-13T12:55:00Z
1
value 0.00243
scoring_system epss
scoring_elements 0.47522
published_at 2026-04-12T12:55:00Z
2
value 0.00243
scoring_system epss
scoring_elements 0.47546
published_at 2026-04-11T12:55:00Z
3
value 0.00243
scoring_system epss
scoring_elements 0.47527
published_at 2026-04-08T12:55:00Z
4
value 0.00243
scoring_system epss
scoring_elements 0.47523
published_at 2026-04-09T12:55:00Z
5
value 0.00243
scoring_system epss
scoring_elements 0.47472
published_at 2026-04-07T12:55:00Z
6
value 0.00243
scoring_system epss
scoring_elements 0.47503
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2481
3
reference_url http://secunia.com/advisories/57126
reference_id
reference_type
scores
url http://secunia.com/advisories/57126
4
reference_url http://securitytracker.com/id?1025924
reference_id
reference_type
scores
url http://securitytracker.com/id?1025924
5
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
6
reference_url https://github.com/apache/tomcat/commit/279e4451cb996f810fbca2f78b6340412d9daa7b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat/commit/279e4451cb996f810fbca2f78b6340412d9daa7b
7
reference_url https://github.com/apache/tomcat/commit/81bb49ad58fc7b1177a86ba82abf0271d07ceeb7
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/81bb49ad58fc7b1177a86ba82abf0271d07ceeb7
8
reference_url https://github.com/apache/tomcat/commit/8fa210147ffd98e8971cba56395726cc4a893ad7
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/8fa210147ffd98e8971cba56395726cc4a893ad7
9
reference_url https://issues.apache.org/bugzilla/show_bug.cgi?id=51395
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/bugzilla/show_bug.cgi?id=51395
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2481
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2481
11
reference_url http://svn.apache.org/viewvc?view=revision&revision=1137753
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1137753
12
reference_url http://svn.apache.org/viewvc?view=revision&revision=1138788
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1138788
13
reference_url https://web.archive.org/web/20111209022500/http://www.securityfocus.com/bid/49147
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111209022500/http://www.securityfocus.com/bid/49147
14
reference_url https://web.archive.org/web/20161127215021/http://securitytracker.com/id?1025924
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161127215021/http://securitytracker.com/id?1025924
15
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-7.html
16
reference_url http://www.securityfocus.com/bid/49147
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/49147
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=732820
reference_id 732820
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=732820
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481
reference_id CVE-2011-2481
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481
19
reference_url https://github.com/advisories/GHSA-r7c8-hghc-2mp8
reference_id GHSA-r7c8-hghc-2mp8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7c8-hghc-2mp8
20
reference_url https://security.gentoo.org/glsa/201206-24
reference_id GLSA-201206-24
reference_type
scores
url https://security.gentoo.org/glsa/201206-24
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score0.1 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-xqrn-wuv5-x7de