Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vm4b-26sq-tfev
SummaryThe Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Aliases
0
alias CVE-2009-3548
Fixed_packages
0
url pkg:apache/tomcat@5.5.29
purl pkg:apache/tomcat@5.5.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kjm-p97s-zuh8
1
vulnerability VCID-f2zy-gq57-ufat
2
vulnerability VCID-tfn5-6ckq-wyce
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.29
1
url pkg:apache/tomcat@6.0.24
purl pkg:apache/tomcat@6.0.24
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.24
Affected_packages
0
url pkg:apache/tomcat@5.5.0
purl pkg:apache/tomcat@5.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18j8-kwdv-dyak
1
vulnerability VCID-1qt3-ctae-sfgw
2
vulnerability VCID-241m-q6vd-kudk
3
vulnerability VCID-27q8-96un-9fbk
4
vulnerability VCID-2jnv-segx-zkfd
5
vulnerability VCID-4rcx-xfn5-7kdb
6
vulnerability VCID-6epr-2hbd-skcz
7
vulnerability VCID-6p3e-4u8s-17ep
8
vulnerability VCID-7969-7a8h-zyhh
9
vulnerability VCID-7kjm-p97s-zuh8
10
vulnerability VCID-86ur-vudp-4yc2
11
vulnerability VCID-87p8-zvvf-y7dm
12
vulnerability VCID-88v7-kc2y-bfd7
13
vulnerability VCID-a9cu-fxqw-xkdg
14
vulnerability VCID-acmu-9eqb-fya5
15
vulnerability VCID-bhq7-d545-27bj
16
vulnerability VCID-bung-pa58-ayfv
17
vulnerability VCID-d9ys-kxh6-nkgr
18
vulnerability VCID-dcrp-rae1-zfcm
19
vulnerability VCID-dhun-hj5q-dfch
20
vulnerability VCID-f2zy-gq57-ufat
21
vulnerability VCID-fvvt-kufu-k3a6
22
vulnerability VCID-g998-xymt-fudu
23
vulnerability VCID-hhk9-cr54-8fgc
24
vulnerability VCID-mctd-9zgv-5qgp
25
vulnerability VCID-mnf8-t3ew-4fgb
26
vulnerability VCID-n76n-ywja-rbhh
27
vulnerability VCID-peya-mr7j-vugf
28
vulnerability VCID-q7jp-hn4a-4kec
29
vulnerability VCID-qdck-q54n-rkcv
30
vulnerability VCID-quwu-ep21-cyew
31
vulnerability VCID-qxkf-4ddv-j3b7
32
vulnerability VCID-r84b-7ay9-ekcm
33
vulnerability VCID-skar-qk57-qkdv
34
vulnerability VCID-su1y-2bxh-9qe2
35
vulnerability VCID-tcju-3rvu-wkht
36
vulnerability VCID-tfn5-6ckq-wyce
37
vulnerability VCID-v94p-bxm3-akfd
38
vulnerability VCID-vm4b-26sq-tfev
39
vulnerability VCID-wsn2-pd9b-b3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.0
1
url pkg:apache/tomcat@5.5.28
purl pkg:apache/tomcat@5.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qt3-ctae-sfgw
1
vulnerability VCID-g998-xymt-fudu
2
vulnerability VCID-vm4b-26sq-tfev
3
vulnerability VCID-wsn2-pd9b-b3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.28
2
url pkg:apache/tomcat@6.0.0
purl pkg:apache/tomcat@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18q4-zark-s7a7
1
vulnerability VCID-1k8f-vsg1-k3d6
2
vulnerability VCID-1qt3-ctae-sfgw
3
vulnerability VCID-241m-q6vd-kudk
4
vulnerability VCID-27q8-96un-9fbk
5
vulnerability VCID-3cr9-g81m-4ugy
6
vulnerability VCID-3n4t-bvb1-5qer
7
vulnerability VCID-3r3s-q21j-c3au
8
vulnerability VCID-4mkw-7haq-pkgn
9
vulnerability VCID-4rcx-xfn5-7kdb
10
vulnerability VCID-68fk-4g86-ekbp
11
vulnerability VCID-6epr-2hbd-skcz
12
vulnerability VCID-6p3e-4u8s-17ep
13
vulnerability VCID-7969-7a8h-zyhh
14
vulnerability VCID-7cpu-h5fr-8ffd
15
vulnerability VCID-7ej8-5f77-cybb
16
vulnerability VCID-7kjm-p97s-zuh8
17
vulnerability VCID-7pd9-1r19-73fe
18
vulnerability VCID-87p8-zvvf-y7dm
19
vulnerability VCID-88v7-kc2y-bfd7
20
vulnerability VCID-95d1-arxd-hkd1
21
vulnerability VCID-a1by-zvtm-akdc
22
vulnerability VCID-a9cu-fxqw-xkdg
23
vulnerability VCID-acmu-9eqb-fya5
24
vulnerability VCID-bung-pa58-ayfv
25
vulnerability VCID-d9ys-kxh6-nkgr
26
vulnerability VCID-dcrp-rae1-zfcm
27
vulnerability VCID-dhun-hj5q-dfch
28
vulnerability VCID-egup-27ub-6uaf
29
vulnerability VCID-f2zy-gq57-ufat
30
vulnerability VCID-fpuc-fe6m-47c6
31
vulnerability VCID-g998-xymt-fudu
32
vulnerability VCID-h9ds-trhx-m7aj
33
vulnerability VCID-hhk9-cr54-8fgc
34
vulnerability VCID-hhkg-mfp5-2kax
35
vulnerability VCID-jf7u-dvpd-b7f4
36
vulnerability VCID-kagr-74d9-kyhx
37
vulnerability VCID-kgd1-bzst-muh7
38
vulnerability VCID-kzzv-rhya-j7dd
39
vulnerability VCID-m1zd-uytj-3bej
40
vulnerability VCID-mctd-9zgv-5qgp
41
vulnerability VCID-mnf8-t3ew-4fgb
42
vulnerability VCID-mwk8-b5c9-kbb9
43
vulnerability VCID-n76n-ywja-rbhh
44
vulnerability VCID-p4dn-y54m-8fd1
45
vulnerability VCID-p6ch-pc73-b3ck
46
vulnerability VCID-peya-mr7j-vugf
47
vulnerability VCID-qdck-q54n-rkcv
48
vulnerability VCID-quwu-ep21-cyew
49
vulnerability VCID-qxkf-4ddv-j3b7
50
vulnerability VCID-r84b-7ay9-ekcm
51
vulnerability VCID-su1y-2bxh-9qe2
52
vulnerability VCID-tcbc-3kgt-muam
53
vulnerability VCID-tcju-3rvu-wkht
54
vulnerability VCID-tfn5-6ckq-wyce
55
vulnerability VCID-tfrs-d458-tfaq
56
vulnerability VCID-twh8-87va-juf9
57
vulnerability VCID-v94p-bxm3-akfd
58
vulnerability VCID-vd1s-m27a-8ucc
59
vulnerability VCID-vm4b-26sq-tfev
60
vulnerability VCID-w82a-7kk2-p3f1
61
vulnerability VCID-wsn2-pd9b-b3g8
62
vulnerability VCID-xf8r-kqxb-7qdy
63
vulnerability VCID-ygvw-69am-s7ae
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.0
3
url pkg:apache/tomcat@6.0.20
purl pkg:apache/tomcat@6.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qt3-ctae-sfgw
1
vulnerability VCID-g998-xymt-fudu
2
vulnerability VCID-vm4b-26sq-tfev
3
vulnerability VCID-wsn2-pd9b-b3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.20
4
url pkg:maven/org.apache.tomcat/tomcat@5.5.0
purl pkg:maven/org.apache.tomcat/tomcat@5.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12du-1vyt-bkgx
1
vulnerability VCID-18j8-kwdv-dyak
2
vulnerability VCID-1qt3-ctae-sfgw
3
vulnerability VCID-1v6c-f56v-hqh1
4
vulnerability VCID-241m-q6vd-kudk
5
vulnerability VCID-27q8-96un-9fbk
6
vulnerability VCID-2jnv-segx-zkfd
7
vulnerability VCID-4rcx-xfn5-7kdb
8
vulnerability VCID-6epr-2hbd-skcz
9
vulnerability VCID-6p3e-4u8s-17ep
10
vulnerability VCID-7969-7a8h-zyhh
11
vulnerability VCID-7kjm-p97s-zuh8
12
vulnerability VCID-86ur-vudp-4yc2
13
vulnerability VCID-87p8-zvvf-y7dm
14
vulnerability VCID-88v7-kc2y-bfd7
15
vulnerability VCID-8ebv-6941-jqdy
16
vulnerability VCID-a9cu-fxqw-xkdg
17
vulnerability VCID-acmu-9eqb-fya5
18
vulnerability VCID-bhq7-d545-27bj
19
vulnerability VCID-bung-pa58-ayfv
20
vulnerability VCID-d9ys-kxh6-nkgr
21
vulnerability VCID-dcrp-rae1-zfcm
22
vulnerability VCID-dhun-hj5q-dfch
23
vulnerability VCID-egye-da2v-4ybh
24
vulnerability VCID-f2zy-gq57-ufat
25
vulnerability VCID-fvvt-kufu-k3a6
26
vulnerability VCID-g7eg-s99s-xqe7
27
vulnerability VCID-g998-xymt-fudu
28
vulnerability VCID-hhk9-cr54-8fgc
29
vulnerability VCID-mctd-9zgv-5qgp
30
vulnerability VCID-mnf8-t3ew-4fgb
31
vulnerability VCID-n76n-ywja-rbhh
32
vulnerability VCID-peya-mr7j-vugf
33
vulnerability VCID-q7jp-hn4a-4kec
34
vulnerability VCID-qdck-q54n-rkcv
35
vulnerability VCID-quwu-ep21-cyew
36
vulnerability VCID-qxkf-4ddv-j3b7
37
vulnerability VCID-r5rc-rdd9-bfbk
38
vulnerability VCID-r84b-7ay9-ekcm
39
vulnerability VCID-rrdj-ssn7-zfdj
40
vulnerability VCID-rwvj-tq6x-2ubs
41
vulnerability VCID-skar-qk57-qkdv
42
vulnerability VCID-su1y-2bxh-9qe2
43
vulnerability VCID-tcju-3rvu-wkht
44
vulnerability VCID-tfn5-6ckq-wyce
45
vulnerability VCID-v94p-bxm3-akfd
46
vulnerability VCID-vm4b-26sq-tfev
47
vulnerability VCID-wsn2-pd9b-b3g8
48
vulnerability VCID-zbbr-wded-9ffj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.0
5
url pkg:maven/org.apache.tomcat/tomcat@5.5.28
purl pkg:maven/org.apache.tomcat/tomcat@5.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qt3-ctae-sfgw
1
vulnerability VCID-g998-xymt-fudu
2
vulnerability VCID-vm4b-26sq-tfev
3
vulnerability VCID-wsn2-pd9b-b3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.28
6
url pkg:maven/org.apache.tomcat/tomcat@6.0.0
purl pkg:maven/org.apache.tomcat/tomcat@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12du-1vyt-bkgx
1
vulnerability VCID-18q4-zark-s7a7
2
vulnerability VCID-1k8f-vsg1-k3d6
3
vulnerability VCID-1qt3-ctae-sfgw
4
vulnerability VCID-1v6c-f56v-hqh1
5
vulnerability VCID-241m-q6vd-kudk
6
vulnerability VCID-27q8-96un-9fbk
7
vulnerability VCID-3cr9-g81m-4ugy
8
vulnerability VCID-3n4t-bvb1-5qer
9
vulnerability VCID-3r3s-q21j-c3au
10
vulnerability VCID-4mkw-7haq-pkgn
11
vulnerability VCID-4rcx-xfn5-7kdb
12
vulnerability VCID-68fk-4g86-ekbp
13
vulnerability VCID-6epr-2hbd-skcz
14
vulnerability VCID-6p3e-4u8s-17ep
15
vulnerability VCID-7969-7a8h-zyhh
16
vulnerability VCID-7cpu-h5fr-8ffd
17
vulnerability VCID-7ej8-5f77-cybb
18
vulnerability VCID-7kjm-p97s-zuh8
19
vulnerability VCID-7pd9-1r19-73fe
20
vulnerability VCID-87p8-zvvf-y7dm
21
vulnerability VCID-88v7-kc2y-bfd7
22
vulnerability VCID-8ebv-6941-jqdy
23
vulnerability VCID-95d1-arxd-hkd1
24
vulnerability VCID-a1by-zvtm-akdc
25
vulnerability VCID-a9cu-fxqw-xkdg
26
vulnerability VCID-acmu-9eqb-fya5
27
vulnerability VCID-bung-pa58-ayfv
28
vulnerability VCID-d9ys-kxh6-nkgr
29
vulnerability VCID-dcrp-rae1-zfcm
30
vulnerability VCID-dhun-hj5q-dfch
31
vulnerability VCID-egup-27ub-6uaf
32
vulnerability VCID-egye-da2v-4ybh
33
vulnerability VCID-f2zy-gq57-ufat
34
vulnerability VCID-fpuc-fe6m-47c6
35
vulnerability VCID-g7eg-s99s-xqe7
36
vulnerability VCID-g998-xymt-fudu
37
vulnerability VCID-h9ds-trhx-m7aj
38
vulnerability VCID-hhk9-cr54-8fgc
39
vulnerability VCID-hhkg-mfp5-2kax
40
vulnerability VCID-jau7-gfz8-dkfa
41
vulnerability VCID-jf7u-dvpd-b7f4
42
vulnerability VCID-jtg7-217a-qqhk
43
vulnerability VCID-kagr-74d9-kyhx
44
vulnerability VCID-kgd1-bzst-muh7
45
vulnerability VCID-kzzv-rhya-j7dd
46
vulnerability VCID-m1zd-uytj-3bej
47
vulnerability VCID-mctd-9zgv-5qgp
48
vulnerability VCID-mnf8-t3ew-4fgb
49
vulnerability VCID-mwk8-b5c9-kbb9
50
vulnerability VCID-n76n-ywja-rbhh
51
vulnerability VCID-p4dn-y54m-8fd1
52
vulnerability VCID-p6ch-pc73-b3ck
53
vulnerability VCID-peya-mr7j-vugf
54
vulnerability VCID-qdck-q54n-rkcv
55
vulnerability VCID-quwu-ep21-cyew
56
vulnerability VCID-qxkf-4ddv-j3b7
57
vulnerability VCID-r5rc-rdd9-bfbk
58
vulnerability VCID-r84b-7ay9-ekcm
59
vulnerability VCID-rrdj-ssn7-zfdj
60
vulnerability VCID-rwvj-tq6x-2ubs
61
vulnerability VCID-su1y-2bxh-9qe2
62
vulnerability VCID-t9y6-suc2-2kcg
63
vulnerability VCID-ta1m-dh8x-nubc
64
vulnerability VCID-tcbc-3kgt-muam
65
vulnerability VCID-tcju-3rvu-wkht
66
vulnerability VCID-tfn5-6ckq-wyce
67
vulnerability VCID-tfrs-d458-tfaq
68
vulnerability VCID-twh8-87va-juf9
69
vulnerability VCID-v94p-bxm3-akfd
70
vulnerability VCID-vd1s-m27a-8ucc
71
vulnerability VCID-vm4b-26sq-tfev
72
vulnerability VCID-w82a-7kk2-p3f1
73
vulnerability VCID-wsn2-pd9b-b3g8
74
vulnerability VCID-xf8r-kqxb-7qdy
75
vulnerability VCID-ygvw-69am-s7ae
76
vulnerability VCID-zbbr-wded-9ffj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.0
7
url pkg:maven/org.apache.tomcat/tomcat@6.0.20
purl pkg:maven/org.apache.tomcat/tomcat@6.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qt3-ctae-sfgw
1
vulnerability VCID-g998-xymt-fudu
2
vulnerability VCID-vm4b-26sq-tfev
3
vulnerability VCID-wsn2-pd9b-b3g8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.20
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3548
reference_id
reference_type
scores
0
value 0.86884
scoring_system epss
scoring_elements 0.99433
published_at 2026-04-16T12:55:00Z
1
value 0.86884
scoring_system epss
scoring_elements 0.99425
published_at 2026-04-01T12:55:00Z
2
value 0.86884
scoring_system epss
scoring_elements 0.99424
published_at 2026-04-02T12:55:00Z
3
value 0.86884
scoring_system epss
scoring_elements 0.99426
published_at 2026-04-07T12:55:00Z
4
value 0.86884
scoring_system epss
scoring_elements 0.99427
published_at 2026-04-08T12:55:00Z
5
value 0.86884
scoring_system epss
scoring_elements 0.99428
published_at 2026-04-09T12:55:00Z
6
value 0.86884
scoring_system epss
scoring_elements 0.9943
published_at 2026-04-12T12:55:00Z
7
value 0.86884
scoring_system epss
scoring_elements 0.99431
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3548
1
reference_url https://svn.apache.org/viewvc?view=rev&rev=881771
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=881771
2
reference_url https://svn.apache.org/viewvc?view=rev&rev=919006
reference_id
reference_type
scores
url https://svn.apache.org/viewvc?view=rev&rev=919006
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
reference_id CVE-2009-3548
reference_type
scores
0
value Low
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31433.rb
reference_id CVE-2009-3548;OSVDB-60176
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/31433.rb
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16317.rb
reference_id CVE-2010-4094;CVE-2010-0557;CVE-2009-4189;CVE-2009-4188;CVE-2009-3843;CVE-2009-3548;OSVDB-60670;OSVDB-60317;OSVDB-60176
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16317.rb
6
reference_url http://www.zerodayinitiative.com/advisories/ZDI-10-214/
reference_id CVE-2010-4094;CVE-2010-0557;CVE-2009-4189;CVE-2009-4188;CVE-2009-3843;CVE-2009-3548;OSVDB-60670;OSVDB-60317;OSVDB-60176
reference_type exploit
scores
url http://www.zerodayinitiative.com/advisories/ZDI-10-214/
Weaknesses
Exploits
0
date_added 2014-02-05
description Apache Tomcat Manager - Application Upload (Authenticated) Code Execution (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2014-02-05
exploit_type remote
platform multiple
source_date_updated 2014-02-05
data_source Exploit-DB
source_url
1
date_added null
description 
This module can be used to execute a payload on Apache Tomcat servers that
          have an exposed "manager" application. The payload is uploaded as a WAR archive
          containing a jsp application using a POST request against the /manager/html/upload
          component.

          NOTE: The compatible payload sets vary based on the selected target. For
          example, you must select the Windows target to use native Windows payloads.
required_action null
due_date null
notes 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2009-11-09
exploit_type null
platform Java,Linux,Windows
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/tomcat_mgr_upload.rb
Severity_range_score0.1 - 3
Exploitability2.0
Weighted_severity2.7
Risk_score5.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vm4b-26sq-tfev