Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-a9bd-d31y-k7g6

Summary org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.

Aliases

alias	CVE-2014-0033

alias	GHSA-6gjj-c5mj-4cvp

Fixed_packages

url pkg:apache/tomcat@6.0.39

purl pkg:apache/tomcat@6.0.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.39

url	pkg:deb/debian/tomcat6@6.0.45%2Bdfsg-1~deb7u1
purl	pkg:deb/debian/tomcat6@6.0.45%2Bdfsg-1~deb7u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat6@6.0.45%252Bdfsg-1~deb7u1

url	pkg:ebuild/www-servers/tomcat@7.0.56
purl	pkg:ebuild/www-servers/tomcat@7.0.56
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.56

Affected_packages

url pkg:apache/tomcat@6.0.33

purl pkg:apache/tomcat@6.0.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-hhk9-cr54-8fgc

vulnerability	VCID-hxj6-mupf-abbc

vulnerability	VCID-quwu-ep21-cyew

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.33

url pkg:apache/tomcat@6.0.37

purl pkg:apache/tomcat@6.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-twh8-87va-juf9

vulnerability	VCID-w82a-7kk2-p3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.37

url pkg:deb/debian/tomcat6@6.0.16-1

purl pkg:deb/debian/tomcat6@6.0.16-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-p4dn-y54m-8fd1

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-ryha-ndms-afbn

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat6@6.0.16-1

url pkg:deb/debian/tomcat6@6.0.35-1%2Bsqueeze4

purl pkg:deb/debian/tomcat6@6.0.35-1%2Bsqueeze4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-p4dn-y54m-8fd1

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-ryha-ndms-afbn

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat6@6.0.35-1%252Bsqueeze4

url pkg:deb/debian/tomcat6@6.0.41-3

purl pkg:deb/debian/tomcat6@6.0.41-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat6@6.0.41-3

url pkg:deb/debian/tomcat6@6.0.45-1~deb6u1

purl pkg:deb/debian/tomcat6@6.0.45-1~deb6u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat6@6.0.45-1~deb6u1

url pkg:maven/org.apache.tomcat/tomcat@6.0.33

purl pkg:maven/org.apache.tomcat/tomcat@6.0.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-hhk9-cr54-8fgc

vulnerability	VCID-hxj6-mupf-abbc

vulnerability	VCID-quwu-ep21-cyew

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.33

url pkg:maven/org.apache.tomcat/tomcat@6.0.37

purl pkg:maven/org.apache.tomcat/tomcat@6.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-twh8-87va-juf9

vulnerability	VCID-w82a-7kk2-p3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.37

url pkg:rpm/redhat/tomcat6@6.0.37-19_patch_04.ep6?arch=el5

purl pkg:rpm/redhat/tomcat6@6.0.37-19_patch_04.ep6?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-tcbc-3kgt-muam

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat6@6.0.37-19_patch_04.ep6%3Farch=el5

url pkg:rpm/redhat/tomcat6@6.0.37-27_patch_04.ep6?arch=el6

purl pkg:rpm/redhat/tomcat6@6.0.37-27_patch_04.ep6?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a9bd-d31y-k7g6

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-tcbc-3kgt-muam

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat6@6.0.37-27_patch_04.ep6%3Farch=el6

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0033.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0033.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0033

reference_id

reference_type

scores

value	0.16231
scoring_system	epss
scoring_elements	0.94782
published_at	2026-04-01T12:55:00Z

value	0.16231
scoring_system	epss
scoring_elements	0.94818
published_at	2026-04-13T12:55:00Z

value	0.16231
scoring_system	epss
scoring_elements	0.94817
published_at	2026-04-12T12:55:00Z

value	0.16231
scoring_system	epss
scoring_elements	0.94814
published_at	2026-04-11T12:55:00Z

value	0.16231
scoring_system	epss
scoring_elements	0.9481
published_at	2026-04-09T12:55:00Z

value	0.16231
scoring_system	epss
scoring_elements	0.94806
published_at	2026-04-08T12:55:00Z

value	0.16231
scoring_system	epss
scoring_elements	0.94797
published_at	2026-04-07T12:55:00Z

value	0.16231
scoring_system	epss
scoring_elements	0.94795
published_at	2026-04-04T12:55:00Z

value	0.16231
scoring_system	epss
scoring_elements	0.94792
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0033

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1069919

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1069919

reference_url

http://seclists.org/fulldisclosure/2014/Dec/23

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2014/Dec/23

reference_url

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1558822
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1558822

reference_url

http://svn.apache.org/viewvc?view=revision&revision=1558822

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc?view=revision&revision=1558822

reference_url

http://tomcat.apache.org/security-6.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://tomcat.apache.org/security-6.html

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21675886

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21675886

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21677147

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21677147

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21678231

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21678231

reference_url

http://www.debian.org/security/2016/dsa-3530

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3530

reference_url

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

reference_url

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

reference_url

http://www.ubuntu.com/usn/USN-2130-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2130-1

reference_url

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033

reference_id

CVE-2014-0033

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0033

reference_id

CVE-2014-0033

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0033

reference_url

https://github.com/advisories/GHSA-6gjj-c5mj-4cvp

reference_id

GHSA-6gjj-c5mj-4cvp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6gjj-c5mj-4cvp

reference_url	https://security.gentoo.org/glsa/201412-29
reference_id	GLSA-201412-29
reference_type
scores
url	https://security.gentoo.org/glsa/201412-29

reference_url	https://access.redhat.com/errata/RHSA-2014:0525
reference_id	RHSA-2014:0525
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0525

reference_url	https://access.redhat.com/errata/RHSA-2014:0528
reference_id	RHSA-2014:0528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0528

reference_url	https://usn.ubuntu.com/2130-1/
reference_id	USN-2130-1
reference_type
scores
url	https://usn.ubuntu.com/2130-1/

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	384
name	Session Fixation
description	Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Exploits

Severity_range_score 0.1 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9bd-d31y-k7g6

Vulnerability Instance