Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@8.5.16
Type maven
Namespace org.apache.tomcat
Name tomcat
Version 8.5.16
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.5.24
Latest_non_vulnerable_version 11.0.18
Affected_by_vulnerabilities
0
url VCID-q1cf-qg1v-3ybr
vulnerability_id VCID-q1cf-qg1v-3ybr
summary
Improperly Implemented Security Check for Standard
Some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15706
reference_id CVE-2017-15706
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-15706
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.24
purl pkg:maven/org.apache.tomcat/tomcat@8.5.24
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.24
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.2
purl pkg:maven/org.apache.tomcat/tomcat@9.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.2
aliases CVE-2017-15706
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q1cf-qg1v-3ybr
Fixing_vulnerabilities
0
url VCID-dast-z2hv-2yfe
vulnerability_id VCID-dast-z2hv-2yfe
summary
Path Traversal
The HTTP/2 implementation in Tomcat bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
references
0
reference_url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
1
reference_url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15@%3Cdev.tomcat.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c@%3Cannounce.tomcat.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
12
reference_url https://security.netapp.com/advisory/ntap-20180614-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180614-0003/
13
reference_url http://www.debian.org/security/2017/dsa-3974
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3974
14
reference_url http://www.securityfocus.com/bid/100256
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100256
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7675
reference_id CVE-2017-7675
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7675
16
reference_url https://github.com/advisories/GHSA-68g5-8q7f-m384
reference_id GHSA-68g5-8q7f-m384
reference_type
scores
url https://github.com/advisories/GHSA-68g5-8q7f-m384
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@8.5.16
purl pkg:maven/org.apache.tomcat/tomcat@8.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q1cf-qg1v-3ybr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.16
1
url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M22
purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M22
aliases CVE-2017-7675, GHSA-68g5-8q7f-m384
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dast-z2hv-2yfe
1
url VCID-u95s-xhwk-vka6
vulnerability_id VCID-u95s-xhwk-vka6
summary
Insufficient Verification of Data Authenticity
The CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1480618
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1480618
1
reference_url https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E
2
reference_url https://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-7.html
3
reference_url https://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url https://tomcat.apache.org/security-8.html
4
reference_url http://www.securityfocus.com/bid/100280
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100280
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7674
reference_id CVE-2017-7674
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7674
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@7.0.79
purl pkg:maven/org.apache.tomcat/tomcat@7.0.79
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q1cf-qg1v-3ybr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.79
1
url pkg:maven/org.apache.tomcat/tomcat@8.0.45
purl pkg:maven/org.apache.tomcat/tomcat@8.0.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q1cf-qg1v-3ybr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.45
2
url pkg:maven/org.apache.tomcat/tomcat@8.5.16
purl pkg:maven/org.apache.tomcat/tomcat@8.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q1cf-qg1v-3ybr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.16
3
url pkg:maven/org.apache.tomcat/tomcat@9.0.1
purl pkg:maven/org.apache.tomcat/tomcat@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q1cf-qg1v-3ybr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.1
aliases CVE-2017-7674
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u95s-xhwk-vka6
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.16