Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat-catalina@7.0

Type maven

Namespace org.apache.tomcat

Name tomcat-catalina

Version 7.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.0.52

Latest_non_vulnerable_version 11.0.15

Affected_by_vulnerabilities

url VCID-et9y-m4hb-43h7

vulnerability_id VCID-et9y-m4hb-43h7

summary

Unrestricted Upload of File with Dangerous Type
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

references

reference_url	http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html
reference_id
reference_type
scores
url	http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html

reference_url	https://access.redhat.com/errata/RHSA-2017:3080
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3080

reference_url	https://access.redhat.com/errata/RHSA-2017:3081
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3081

reference_url	https://access.redhat.com/errata/RHSA-2017:3113
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3113

reference_url	https://access.redhat.com/errata/RHSA-2017:3114
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3114

reference_url	https://access.redhat.com/errata/RHSA-2018:0465
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0465

reference_url	https://access.redhat.com/errata/RHSA-2018:0466
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0466

reference_url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://security.netapp.com/advisory/ntap-20171018-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20171018-0001/

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1804604
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1804604

reference_url	https://svn.apache.org/viewvc?view=rev&rev=1804729
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc?view=rev&rev=1804729

reference_url	https://www.exploit-db.com/exploits/42953/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/42953/

reference_url	https://www.synology.com/support/security/Synology_SA_17_54_Tomcat
reference_id
reference_type
scores
url	https://www.synology.com/support/security/Synology_SA_17_54_Tomcat

reference_url	http://www.securityfocus.com/bid/100901
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100901

reference_url	http://www.securitytracker.com/id/1039392
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039392

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615

reference_id

CVE-2017-12615

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615

reference_url	https://github.com/breaktoprotect/CVE-2017-12615
reference_id	CVE-2017-12615
reference_type
scores
url	https://github.com/breaktoprotect/CVE-2017-12615

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-12615
reference_id	CVE-2017-12615
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-12615

reference_url	https://github.com/advisories/GHSA-pjfr-qf3p-3q25
reference_id	GHSA-pjfr-qf3p-3q25
reference_type
scores
url	https://github.com/advisories/GHSA-pjfr-qf3p-3q25

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.52
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.52
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.52

url pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78

purl pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u95s-xhwk-vka6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78

url	pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.81
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.81
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.81

aliases CVE-2017-12615, GHSA-pjfr-qf3p-3q25

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et9y-m4hb-43h7

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0

Package Instance