Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-bxg6-fsmd-6qae

Summary The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue

Aliases

alias	CVE-2013-2185

alias	GHSA-v6c7-8qx5-8gmp

Fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@7.0.39

purl pkg:maven/org.apache.tomcat/tomcat@7.0.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-afm2-uj45-xkgx

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e2kr-7pmg-gfc9

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.39

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40

url	pkg:maven/org.jboss.web/jbossweb@7.2.2
purl	pkg:maven/org.jboss.web/jbossweb@7.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.web/jbossweb@7.2.2

Affected_packages

url pkg:maven/org.apache.tomcat/tomcat@7.0.35

purl pkg:maven/org.apache.tomcat/tomcat@7.0.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-afm2-uj45-xkgx

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e2kr-7pmg-gfc9

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.35

url pkg:maven/org.apache.tomcat/tomcat@7.0.37

purl pkg:maven/org.apache.tomcat/tomcat@7.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4aaa-errb-2qdw

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-afm2-uj45-xkgx

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-e2kr-7pmg-gfc9

vulnerability	VCID-e7kd-kk57-mkd6

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kwab-3s4q-eka4

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-yfx4-4gsc-2kgh

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.37

url pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-gv12-4ruf-kfhq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-a8gk-n8bq-87cp

vulnerability	VCID-bxg6-fsmd-6qae

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-gv12-4ruf-kfhq

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-nvbx-q971-skgm

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33

url pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el6

purl pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bxg6-fsmd-6qae

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6%3Farch=el6

url pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el5

purl pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bxg6-fsmd-6qae

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6%3Farch=el5

References

reference_url

http://openwall.com/lists/oss-security/2014/10/24/12

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/10/24/12

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1193.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1193.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1194.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1194.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1265.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1265.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2185

reference_id

reference_type

scores

value	0.05286
scoring_system	epss
scoring_elements	0.89969
published_at	2026-04-02T12:55:00Z

value	0.05286
scoring_system	epss
scoring_elements	0.90015
published_at	2026-04-12T12:55:00Z

value	0.05286
scoring_system	epss
scoring_elements	0.89981
published_at	2026-04-04T12:55:00Z

value	0.05286
scoring_system	epss
scoring_elements	0.89987
published_at	2026-04-07T12:55:00Z

value	0.05286
scoring_system	epss
scoring_elements	0.90003
published_at	2026-04-08T12:55:00Z

value	0.05286
scoring_system	epss
scoring_elements	0.90017
published_at	2026-04-11T12:55:00Z

value	0.05286
scoring_system	epss
scoring_elements	0.90009
published_at	2026-04-13T12:55:00Z

value	0.05286
scoring_system	epss
scoring_elements	0.90026
published_at	2026-04-18T12:55:00Z

value	0.05286
scoring_system	epss
scoring_elements	0.90025
published_at	2026-04-16T12:55:00Z

value	0.05286
scoring_system	epss
scoring_elements	0.89967
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2185

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2185

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2185

reference_url

http://www.openwall.com/lists/oss-security/2013/09/05/4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/09/05/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=974813
reference_id	974813
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=974813

reference_url

https://github.com/advisories/GHSA-v6c7-8qx5-8gmp

reference_id

GHSA-v6c7-8qx5-8gmp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v6c7-8qx5-8gmp

reference_url	https://access.redhat.com/errata/RHSA-2013:1193
reference_id	RHSA-2013:1193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1193

reference_url	https://access.redhat.com/errata/RHSA-2013:1194
reference_id	RHSA-2013:1194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1194

reference_url	https://access.redhat.com/errata/RHSA-2013:1265
reference_id	RHSA-2013:1265
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1265

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	502
name	Deserialization of Untrusted Data
description	The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

cwe_id	626
name	Null Byte Interaction Error (Poison Null Byte)
description	The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bxg6-fsmd-6qae

Vulnerability Instance