Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@6.0.18

Type maven

Namespace org.apache.tomcat.embed

Name tomcat-embed-core

Version 6.0.18

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.0.72

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-yswq-hnqg-sycs

vulnerability_id VCID-yswq-hnqg-sycs

summary

Apache Tomcat Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to `host-manager/html/add`.

references

reference_url	https://access.redhat.com/errata/RHSA-2008:0648
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0648

reference_url	https://access.redhat.com/errata/RHSA-2008:0862
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0862

reference_url	https://access.redhat.com/errata/RHSA-2008:0864
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0864

reference_url	https://access.redhat.com/errata/RHSA-2008:1007
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:1007

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=446393
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=446393

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/42816

reference_url	https://github.com/apache/tomcat
reference_id
reference_type
scores
url	https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab

reference_url	https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030

reference_url	https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a

reference_url	https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
url	https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009

reference_url	https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded

reference_url	https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

reference_url	https://access.redhat.com/security/cve/CVE-2008-1947
reference_id	CVE-2008-1947
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2008-1947

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2008-1947
reference_id	CVE-2008-1947
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2008-1947

reference_url	https://github.com/advisories/GHSA-f98p-9pp6-7q6c
reference_id	GHSA-f98p-9pp6-7q6c
reference_type
scores
url	https://github.com/advisories/GHSA-f98p-9pp6-7q6c

fixed_packages

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@5.5.27
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@5.5.27
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@5.5.27

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@6.0.18
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@6.0.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@6.0.18

aliases CVE-2008-1947, GHSA-f98p-9pp6-7q6c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yswq-hnqg-sycs

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@6.0.18

Package Instance