Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-bk88-51w4-mfcn

Summary

Multiple vulnerabilities have been found in Apache Tomcat, the
    worst of which could lead to privilege escalation.

Aliases

alias	CVE-2016-1240

Fixed_packages

url	pkg:deb/debian/tomcat7@7.0.56-3%2Bdeb8u11
purl	pkg:deb/debian/tomcat7@7.0.56-3%2Bdeb8u11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat7@7.0.56-3%252Bdeb8u11

url pkg:deb/debian/tomcat8@8.0.14-1%2Bdeb8u11

purl pkg:deb/debian/tomcat8@8.0.14-1%2Bdeb8u11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-rq42-qvsy-hue6

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-xshb-a2kb-c7gs

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat8@8.0.14-1%252Bdeb8u11

url	pkg:ebuild/www-servers/tomcat@7.0.70
purl	pkg:ebuild/www-servers/tomcat@7.0.70
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.70

url	pkg:ebuild/www-servers/tomcat@8.0.36
purl	pkg:ebuild/www-servers/tomcat@8.0.36
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@8.0.36

Affected_packages

url pkg:deb/debian/tomcat7@7.0.28-4%2Bdeb7u4

purl pkg:deb/debian/tomcat7@7.0.28-4%2Bdeb7u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-866s-u6mh-1qh2

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat7@7.0.28-4%252Bdeb7u4

url pkg:deb/debian/tomcat7@7.0.56-1~bpo70%2B3

purl pkg:deb/debian/tomcat7@7.0.56-1~bpo70%2B3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-866s-u6mh-1qh2

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat7@7.0.56-1~bpo70%252B3

url pkg:deb/debian/tomcat7@7.0.56-3

purl pkg:deb/debian/tomcat7@7.0.56-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-866s-u6mh-1qh2

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat7@7.0.56-3

url pkg:deb/debian/tomcat8@8.0.14-1~bpo70%2B2

purl pkg:deb/debian/tomcat8@8.0.14-1~bpo70%2B2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kp65-9ap8-yuau

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-rq42-qvsy-hue6

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-xshb-a2kb-c7gs

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat8@8.0.14-1~bpo70%252B2

url pkg:deb/debian/tomcat8@8.0.14-1

purl pkg:deb/debian/tomcat8@8.0.14-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-1k8f-vsg1-k3d6

vulnerability	VCID-2sbh-sy57-3uez

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-68fk-4g86-ekbp

vulnerability	VCID-7cpu-h5fr-8ffd

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-9exq-fhv6-bbea

vulnerability	VCID-aeeu-fpay-wufz

vulnerability	VCID-arkn-bca7-hqam

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-ce78-p29q-4khb

vulnerability	VCID-dzpn-w4b3-vbcm

vulnerability	VCID-eb37-mkxf-7fgw

vulnerability	VCID-enaj-f97c-jbh7

vulnerability	VCID-f77q-v5xp-e7dy

vulnerability	VCID-fyfz-6tr5-2fc7

vulnerability	VCID-g45v-nvj6-ekat

vulnerability	VCID-g7bk-891a-uufy

vulnerability	VCID-hmbm-5ysw-77bu

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-kp65-9ap8-yuau

vulnerability	VCID-kyb8-rvyw-s7b1

vulnerability	VCID-m1zd-uytj-3bej

vulnerability	VCID-m2zn-ja8d-7kg8

vulnerability	VCID-n3zn-tuck-gkfe

vulnerability	VCID-p6ch-pc73-b3ck

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-qrpd-nsdz-3ba5

vulnerability	VCID-rq42-qvsy-hue6

vulnerability	VCID-ruuh-g3fa-m7d8

vulnerability	VCID-tfrs-d458-tfaq

vulnerability	VCID-vhjj-dnft-kkf4

vulnerability	VCID-wbaq-j85q-y3c6

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-xshb-a2kb-c7gs

vulnerability	VCID-yfx4-4gsc-2kgh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat8@8.0.14-1

url pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6?arch=el7

purl pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6%3Farch=el7

url pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6?arch=el6

purl pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24@1-3.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24@1-3.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-2xc4-7zg9-y7fw

vulnerability	VCID-33f9-ps96-9bfz

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-k4kb-21tp-4kc8

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-snj8-2smt-3kdv

vulnerability	VCID-vqe4-4q4r-aybe

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-y2dr-h2d9-xbaa

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24@1-3.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24@1-3.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24@1-3.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-2xc4-7zg9-y7fw

vulnerability	VCID-33f9-ps96-9bfz

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-k4kb-21tp-4kc8

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-snj8-2smt-3kdv

vulnerability	VCID-vqe4-4q4r-aybe

vulnerability	VCID-xf8r-kqxb-7qdy

vulnerability	VCID-y2dr-h2d9-xbaa

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24@1-3.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.0.15-17.redhat_2.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.0.15-17.redhat_2.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.0.15-17.redhat_2.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.0.15-17.redhat_2.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.0.15-17.redhat_2.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.0.15-17.redhat_2.jbcs%3Farch=el6

url pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7?arch=el6

purl pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7%3Farch=el6

url pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7?arch=el7

purl pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7%3Farch=el7

url pkg:rpm/redhat/tomcat7@7.0.70-16.ep7?arch=el6

purl pkg:rpm/redhat/tomcat7@7.0.70-16.ep7?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat7@7.0.70-16.ep7%3Farch=el6

url pkg:rpm/redhat/tomcat7@7.0.70-16.ep7?arch=el7

purl pkg:rpm/redhat/tomcat7@7.0.70-16.ep7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat7@7.0.70-16.ep7%3Farch=el7

url pkg:rpm/redhat/tomcat8@8.0.36-17.ep7?arch=el7

purl pkg:rpm/redhat/tomcat8@8.0.36-17.ep7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat8@8.0.36-17.ep7%3Farch=el7

url pkg:rpm/redhat/tomcat8@8.0.36-17.ep7?arch=el6

purl pkg:rpm/redhat/tomcat8@8.0.36-17.ep7?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat8@8.0.36-17.ep7%3Farch=el6

url pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7?arch=el7

purl pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7%3Farch=el7

url pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7?arch=el6

purl pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7%3Farch=el6

url pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7?arch=el6

purl pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7%3Farch=el6

url pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7?arch=el7

purl pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18q4-zark-s7a7

vulnerability	VCID-3cr9-g81m-4ugy

vulnerability	VCID-3n4t-bvb1-5qer

vulnerability	VCID-3r3s-q21j-c3au

vulnerability	VCID-95d1-arxd-hkd1

vulnerability	VCID-bk88-51w4-mfcn

vulnerability	VCID-hves-r5bg-yfes

vulnerability	VCID-kagr-74d9-kyhx

vulnerability	VCID-msy8-g5w8-afbd

vulnerability	VCID-pqxe-tfhk-47b7

vulnerability	VCID-xf8r-kqxb-7qdy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7%3Farch=el7

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1240.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1240.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1240

reference_id

reference_type

scores

value	0.22085
scoring_system	epss
scoring_elements	0.95752
published_at	2026-04-01T12:55:00Z

value	0.22085
scoring_system	epss
scoring_elements	0.95762
published_at	2026-04-02T12:55:00Z

value	0.22085
scoring_system	epss
scoring_elements	0.95769
published_at	2026-04-04T12:55:00Z

value	0.22085
scoring_system	epss
scoring_elements	0.95772
published_at	2026-04-07T12:55:00Z

value	0.22085
scoring_system	epss
scoring_elements	0.9578
published_at	2026-04-08T12:55:00Z

value	0.22085
scoring_system	epss
scoring_elements	0.95783
published_at	2026-04-09T12:55:00Z

value	0.22085
scoring_system	epss
scoring_elements	0.95787
published_at	2026-04-12T12:55:00Z

value	0.22085
scoring_system	epss
scoring_elements	0.95788
published_at	2026-04-13T12:55:00Z

value	0.22085
scoring_system	epss
scoring_elements	0.95798
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1240

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1240
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1240

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1376712
reference_id	1376712
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1376712

reference_url	http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html
reference_id	CVE-2016-1240
reference_type	exploit
scores
url	http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40450.txt
reference_id	CVE-2016-1240
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40450.txt

reference_url	https://access.redhat.com/errata/RHSA-2017:0457
reference_id	RHSA-2017:0457
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0457

reference_url	https://usn.ubuntu.com/3081-1/
reference_id	USN-3081-1
reference_type
scores
url	https://usn.ubuntu.com/3081-1/

reference_url	https://usn.ubuntu.com/3081-2/
reference_id	USN-3081-2
reference_type
scores
url	https://usn.ubuntu.com/3081-2/

Weaknesses

cwe_id	284
name	Improper Access Control
description	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Exploits

date_added	2016-10-03
description	Apache Tomcat 8/7/6 (Debian-Based Distros) - Local Privilege Escalation
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2016-10-03
exploit_type	local
platform	linux
source_date_updated	2016-10-03
data_source	Exploit-DB
source_url	http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html

date_added	`null`
description	Tomcat (6, 7, 8) packages provided by default repositories on Debian-based distributions (including Debian, Ubuntu etc.) provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account (for example, by exploiting an RCE vulnerability in a java web application hosted on Tomcat, uploading a webshell etc.) to escalate their privileges from tomcat user to root and fully compromise the target system. Tested against Tomcat 8.0.32-1ubuntu1.1 on Ubuntu 16.04
required_action	`null`
due_date	`null`
notes	Stability: - crash-safe Reliability: - repeatable-session SideEffects: - artifacts-on-disk - config-changes - ioc-in-logs
known_ransomware_campaign_use	`false`
source_date_published	2016-09-30
exploit_type	`null`
platform	Linux
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local/tomcat_ubuntu_log_init_priv_esc.rb

Severity_range_score 7.0 - 7.0

Exploitability 2.0

Weighted_severity 6.3

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bk88-51w4-mfcn

Vulnerability Instance