Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-su1y-2bxh-9qe2

Summary Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Aliases

alias	CVE-2007-3386

Fixed_packages

url pkg:apache/tomcat@5.5.25

purl pkg:apache/tomcat@5.5.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7pd9-1r19-73fe

vulnerability	VCID-88v7-kc2y-bfd7

vulnerability	VCID-hhkg-mfp5-2kax

vulnerability	VCID-v94p-bxm3-akfd

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.25

url pkg:apache/tomcat@6.0.14

purl pkg:apache/tomcat@6.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-88v7-kc2y-bfd7

vulnerability	VCID-v94p-bxm3-akfd

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.14

Affected_packages

url pkg:apache/tomcat@5.5.0

purl pkg:apache/tomcat@5.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18j8-kwdv-dyak

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-241m-q6vd-kudk

vulnerability	VCID-27q8-96un-9fbk

vulnerability	VCID-2jnv-segx-zkfd

vulnerability	VCID-4rcx-xfn5-7kdb

vulnerability	VCID-6epr-2hbd-skcz

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-7kjm-p97s-zuh8

vulnerability	VCID-86ur-vudp-4yc2

vulnerability	VCID-87p8-zvvf-y7dm

vulnerability	VCID-88v7-kc2y-bfd7

vulnerability	VCID-a9cu-fxqw-xkdg

vulnerability	VCID-acmu-9eqb-fya5

vulnerability	VCID-bhq7-d545-27bj

vulnerability	VCID-bung-pa58-ayfv

vulnerability	VCID-d9ys-kxh6-nkgr

vulnerability	VCID-dcrp-rae1-zfcm

vulnerability	VCID-dhun-hj5q-dfch

vulnerability	VCID-f2zy-gq57-ufat

vulnerability	VCID-fvvt-kufu-k3a6

vulnerability	VCID-g998-xymt-fudu

vulnerability	VCID-hhk9-cr54-8fgc

vulnerability	VCID-mctd-9zgv-5qgp

vulnerability	VCID-mnf8-t3ew-4fgb

vulnerability	VCID-n76n-ywja-rbhh

vulnerability	VCID-peya-mr7j-vugf

vulnerability	VCID-q7jp-hn4a-4kec

vulnerability	VCID-qdck-q54n-rkcv

vulnerability	VCID-quwu-ep21-cyew

vulnerability	VCID-qxkf-4ddv-j3b7

vulnerability	VCID-r84b-7ay9-ekcm

vulnerability	VCID-skar-qk57-qkdv

vulnerability	VCID-su1y-2bxh-9qe2

vulnerability	VCID-tcju-3rvu-wkht

vulnerability	VCID-tfn5-6ckq-wyce

vulnerability	VCID-v94p-bxm3-akfd

vulnerability	VCID-vm4b-26sq-tfev

vulnerability	VCID-wsn2-pd9b-b3g8

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.0

url pkg:apache/tomcat@5.5.24

purl pkg:apache/tomcat@5.5.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-peya-mr7j-vugf

vulnerability	VCID-su1y-2bxh-9qe2

vulnerability	VCID-tcju-3rvu-wkht

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@5.5.24

url pkg:apache/tomcat@6.0.0

purl pkg:apache/tomcat@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-241m-q6vd-kudk

vulnerability	VCID-27q8-96un-9fbk

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-4rcx-xfn5-7kdb

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-6epr-2hbd-skcz

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-7ej8-5f77-cybb

vulnerability	VCID-7kjm-p97s-zuh8

vulnerability	VCID-7pd9-1r19-73fe

vulnerability	VCID-87p8-zvvf-y7dm

vulnerability	VCID-88v7-kc2y-bfd7

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a9cu-fxqw-xkdg

vulnerability	VCID-acmu-9eqb-fya5

vulnerability	VCID-bung-pa58-ayfv

vulnerability	VCID-d9ys-kxh6-nkgr

vulnerability	VCID-dcrp-rae1-zfcm

vulnerability	VCID-dhun-hj5q-dfch

vulnerability	VCID-egup-27ub-6uaf

vulnerability	VCID-f2zy-gq57-ufat

vulnerability	VCID-fpuc-fe6m-47c6

vulnerability	VCID-g998-xymt-fudu

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hhk9-cr54-8fgc

vulnerability	VCID-hhkg-mfp5-2kax

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-mctd-9zgv-5qgp

vulnerability	VCID-mnf8-t3ew-4fgb

vulnerability	VCID-mwk8-b5c9-kbb9

vulnerability	VCID-n76n-ywja-rbhh

vulnerability	VCID-p4dn-y54m-8fd1

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-peya-mr7j-vugf

vulnerability	VCID-qdck-q54n-rkcv

vulnerability	VCID-quwu-ep21-cyew

vulnerability	VCID-qxkf-4ddv-j3b7

vulnerability	VCID-r84b-7ay9-ekcm

vulnerability	VCID-su1y-2bxh-9qe2

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tcju-3rvu-wkht

vulnerability	VCID-tfn5-6ckq-wyce

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-twh8-87va-juf9

vulnerability	VCID-v94p-bxm3-akfd

vulnerability	VCID-vd1s-m27a-8ucc

vulnerability	VCID-vm4b-26sq-tfev

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-ygvw-69am-s7ae

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.0

url pkg:apache/tomcat@6.0.13

purl pkg:apache/tomcat@6.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-peya-mr7j-vugf

vulnerability	VCID-su1y-2bxh-9qe2

vulnerability	VCID-tcju-3rvu-wkht

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@6.0.13

url pkg:maven/org.apache.tomcat/tomcat@5.5.0

purl pkg:maven/org.apache.tomcat/tomcat@5.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12du-1vyt-bkgx

vulnerability	VCID-18j8-kwdv-dyak

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-1v6c-f56v-hqh1

vulnerability	VCID-241m-q6vd-kudk

vulnerability	VCID-27q8-96un-9fbk

vulnerability	VCID-2jnv-segx-zkfd

vulnerability	VCID-4rcx-xfn5-7kdb

vulnerability	VCID-6epr-2hbd-skcz

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-7kjm-p97s-zuh8

vulnerability	VCID-86ur-vudp-4yc2

vulnerability	VCID-87p8-zvvf-y7dm

vulnerability	VCID-88v7-kc2y-bfd7

vulnerability	VCID-8ebv-6941-jqdy

vulnerability	VCID-a9cu-fxqw-xkdg

vulnerability	VCID-acmu-9eqb-fya5

vulnerability	VCID-bhq7-d545-27bj

vulnerability	VCID-bung-pa58-ayfv

vulnerability	VCID-d9ys-kxh6-nkgr

vulnerability	VCID-dcrp-rae1-zfcm

vulnerability	VCID-dhun-hj5q-dfch

vulnerability	VCID-egye-da2v-4ybh

vulnerability	VCID-f2zy-gq57-ufat

vulnerability	VCID-fvvt-kufu-k3a6

vulnerability	VCID-g7eg-s99s-xqe7

vulnerability	VCID-g998-xymt-fudu

vulnerability	VCID-hhk9-cr54-8fgc

vulnerability	VCID-mctd-9zgv-5qgp

vulnerability	VCID-mnf8-t3ew-4fgb

vulnerability	VCID-n76n-ywja-rbhh

vulnerability	VCID-peya-mr7j-vugf

vulnerability	VCID-q7jp-hn4a-4kec

vulnerability	VCID-qdck-q54n-rkcv

vulnerability	VCID-quwu-ep21-cyew

vulnerability	VCID-qxkf-4ddv-j3b7

vulnerability	VCID-r5rc-rdd9-bfbk

vulnerability	VCID-r84b-7ay9-ekcm

vulnerability	VCID-rrdj-ssn7-zfdj

vulnerability	VCID-rwvj-tq6x-2ubs

vulnerability	VCID-skar-qk57-qkdv

vulnerability	VCID-su1y-2bxh-9qe2

vulnerability	VCID-tcju-3rvu-wkht

vulnerability	VCID-tfn5-6ckq-wyce

vulnerability	VCID-v94p-bxm3-akfd

vulnerability	VCID-vm4b-26sq-tfev

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-zbbr-wded-9ffj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.0

url pkg:maven/org.apache.tomcat/tomcat@5.5.24

purl pkg:maven/org.apache.tomcat/tomcat@5.5.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-peya-mr7j-vugf

vulnerability	VCID-su1y-2bxh-9qe2

vulnerability	VCID-tcju-3rvu-wkht

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.24

url pkg:maven/org.apache.tomcat/tomcat@6.0.0

purl pkg:maven/org.apache.tomcat/tomcat@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12du-1vyt-bkgx

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-1qt3-ctae-sfgw

vulnerability	VCID-1v6c-f56v-hqh1

vulnerability	VCID-241m-q6vd-kudk

vulnerability	VCID-27q8-96un-9fbk

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-4mkw-7haq-pkgn

vulnerability	VCID-4rcx-xfn5-7kdb

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-6epr-2hbd-skcz

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-7ej8-5f77-cybb

vulnerability	VCID-7kjm-p97s-zuh8

vulnerability	VCID-7pd9-1r19-73fe

vulnerability	VCID-87p8-zvvf-y7dm

vulnerability	VCID-88v7-kc2y-bfd7

vulnerability	VCID-8ebv-6941-jqdy

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-a1by-zvtm-akdc

vulnerability	VCID-a9cu-fxqw-xkdg

vulnerability	VCID-acmu-9eqb-fya5

vulnerability	VCID-bung-pa58-ayfv

vulnerability	VCID-d9ys-kxh6-nkgr

vulnerability	VCID-dcrp-rae1-zfcm

vulnerability	VCID-dhun-hj5q-dfch

vulnerability	VCID-egup-27ub-6uaf

vulnerability	VCID-egye-da2v-4ybh

vulnerability	VCID-f2zy-gq57-ufat

vulnerability	VCID-fpuc-fe6m-47c6

vulnerability	VCID-g7eg-s99s-xqe7

vulnerability	VCID-g998-xymt-fudu

vulnerability	VCID-h9ds-trhx-m7aj

vulnerability	VCID-hhk9-cr54-8fgc

vulnerability	VCID-hhkg-mfp5-2kax

vulnerability	VCID-jau7-gfz8-dkfa

vulnerability	VCID-jf7u-dvpd-b7f4

vulnerability	VCID-jtg7-217a-qqhk

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kgd1-bzst-muh7

vulnerability	VCID-kzzv-rhya-j7dd

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-mctd-9zgv-5qgp

vulnerability	VCID-mnf8-t3ew-4fgb

vulnerability	VCID-mwk8-b5c9-kbb9

vulnerability	VCID-n76n-ywja-rbhh

vulnerability	VCID-p4dn-y54m-8fd1

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-peya-mr7j-vugf

vulnerability	VCID-qdck-q54n-rkcv

vulnerability	VCID-quwu-ep21-cyew

vulnerability	VCID-qxkf-4ddv-j3b7

vulnerability	VCID-r5rc-rdd9-bfbk

vulnerability	VCID-r84b-7ay9-ekcm

vulnerability	VCID-rrdj-ssn7-zfdj

vulnerability	VCID-rwvj-tq6x-2ubs

vulnerability	VCID-su1y-2bxh-9qe2

vulnerability	VCID-t9y6-suc2-2kcg

vulnerability	VCID-ta1m-dh8x-nubc

vulnerability	VCID-tcbc-3kgt-muam

vulnerability	VCID-tcju-3rvu-wkht

vulnerability	VCID-tfn5-6ckq-wyce

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-twh8-87va-juf9

vulnerability	VCID-v94p-bxm3-akfd

vulnerability	VCID-vd1s-m27a-8ucc

vulnerability	VCID-vm4b-26sq-tfev

vulnerability	VCID-w82a-7kk2-p3f1

vulnerability	VCID-wsn2-pd9b-b3g8

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-ygvw-69am-s7ae

vulnerability	VCID-zbbr-wded-9ffj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.0

url pkg:maven/org.apache.tomcat/tomcat@6.0.13

purl pkg:maven/org.apache.tomcat/tomcat@6.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-peya-mr7j-vugf

vulnerability	VCID-su1y-2bxh-9qe2

vulnerability	VCID-tcju-3rvu-wkht

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.13

url pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.2?arch=el5

purl pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.2?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-su1y-2bxh-9qe2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat5@5.5.23-0jpp.3.0.2%3Farch=el5

url pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh?arch=4

purl pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh?arch=4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6p3e-4u8s-17ep

vulnerability	VCID-7969-7a8h-zyhh

vulnerability	VCID-peya-mr7j-vugf

vulnerability	VCID-qxkf-4ddv-j3b7

vulnerability	VCID-su1y-2bxh-9qe2

vulnerability	VCID-tcju-3rvu-wkht

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh%3Farch=4

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3386.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3386.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3386

reference_id

reference_type

scores

value	0.69959
scoring_system	epss
scoring_elements	0.98657
published_at	2026-04-01T12:55:00Z

value	0.73782
scoring_system	epss
scoring_elements	0.98807
published_at	2026-04-02T12:55:00Z

value	0.73782
scoring_system	epss
scoring_elements	0.9881
published_at	2026-04-04T12:55:00Z

value	0.73782
scoring_system	epss
scoring_elements	0.98813
published_at	2026-04-07T12:55:00Z

value	0.73782
scoring_system	epss
scoring_elements	0.98814
published_at	2026-04-09T12:55:00Z

value	0.73782
scoring_system	epss
scoring_elements	0.98816
published_at	2026-04-11T12:55:00Z

value	0.73782
scoring_system	epss
scoring_elements	0.98817
published_at	2026-04-12T12:55:00Z

value	0.73782
scoring_system	epss
scoring_elements	0.98818
published_at	2026-04-13T12:55:00Z

value	0.73782
scoring_system	epss
scoring_elements	0.98823
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3386

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=247994
reference_id	247994
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=247994

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386

reference_id

CVE-2007-3386

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30495.html
reference_id	CVE-2007-3386;OSVDB-36417
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/30495.html

reference_url	https://www.securityfocus.com/bid/25314/info
reference_id	CVE-2007-3386;OSVDB-36417
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/25314/info

reference_url	https://access.redhat.com/errata/RHSA-2007:0871
reference_id	RHSA-2007:0871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0871

reference_url	https://access.redhat.com/errata/RHSA-2007:0876
reference_id	RHSA-2007:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0876

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Exploits

date_added	2007-08-14
description	Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2007-08-14
exploit_type	remote
platform	multiple
source_date_updated	2013-12-25
data_source	Exploit-DB
source_url	https://www.securityfocus.com/bid/25314/info

Severity_range_score 0.1 - 3

Exploitability 2.0

Weighted_severity 2.7

Risk_score 5.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-su1y-2bxh-9qe2

Vulnerability Instance