Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@4.1.37

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 4.1.37

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.1.38

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

url VCID-t4mh-zvhq-27du

vulnerability_id VCID-t4mh-zvhq-27du

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

references

reference_url	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_url	http://marc.info/?l=bugtraq&m=123376588623823&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=123376588623823&w=2

reference_url	http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=139344343412337&w=2

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44156

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876

reference_url	http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT3216

reference_url	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
reference_id
reference_type
scores
url	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

reference_url	https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099
reference_id
reference_type
scores
url	https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099

reference_url	https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381

reference_url	https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639

reference_url	https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891

reference_url	https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120

reference_url	https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982

reference_url	https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266

reference_url	https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222

reference_url	https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797
reference_id
reference_type
scores
url	https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797

reference_url	https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999
reference_id
reference_type
scores
url	https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999

reference_url	https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379
reference_id
reference_type
scores
url	https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379

reference_url	https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013
reference_id
reference_type
scores
url	https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013

reference_url	https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865
reference_id
reference_type
scores
url	https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865

reference_url	https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393
reference_id
reference_type
scores
url	https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393

reference_url	https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249
reference_id
reference_type
scores
url	https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249

reference_url	https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460
reference_id
reference_type
scores
url	https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460

reference_url	https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623
reference_id
reference_type
scores
url	https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623

reference_url	https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494
reference_id
reference_type
scores
url	https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494

reference_url	https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded

reference_url	https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681
reference_id
reference_type
scores
url	https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681

reference_url	https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126
reference_id
reference_type
scores
url	https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126

reference_url	https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

reference_url	http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-4.html

reference_url	http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-5.html

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
reference_id
reference_type
scores
url	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0648.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0648.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0862.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0864.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0864.html

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0002.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0002.html

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2008-2370
reference_id	CVE-2008-2370
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2008-2370

reference_url	https://github.com/advisories/GHSA-m8h8-6rvg-f4mg
reference_id	GHSA-m8h8-6rvg-f4mg
reference_type
scores
url	https://github.com/advisories/GHSA-m8h8-6rvg-f4mg

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@4.1.38
purl	pkg:maven/org.apache.tomcat/tomcat@4.1.38
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.38

url pkg:maven/org.apache.tomcat/tomcat@5.5.27

purl pkg:maven/org.apache.tomcat/tomcat@5.5.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eygg-nt7y-qubh

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-rdr4-db3y-p3cz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27

url pkg:maven/org.apache.tomcat/tomcat@6.0.18

purl pkg:maven/org.apache.tomcat/tomcat@6.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-rdr4-db3y-p3cz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.18

aliases CVE-2008-2370, GHSA-m8h8-6rvg-f4mg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t4mh-zvhq-27du

url VCID-wg7f-pjmn-uudk

vulnerability_id VCID-wg7f-pjmn-uudk

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

references

reference_url	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx
reference_id
reference_type
scores
url	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx

reference_url	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_url	http://marc.info/?l=bugtraq&m=123376588623823&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=123376588623823&w=2

reference_url	http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=139344343412337&w=2

reference_url	https://access.redhat.com/errata/RHSA-2008:0648
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0648

reference_url	https://access.redhat.com/errata/RHSA-2008:0862
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0862

reference_url	https://access.redhat.com/errata/RHSA-2008:0864
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0864

reference_url	https://access.redhat.com/errata/RHSA-2008:0877
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0877

reference_url	https://access.redhat.com/errata/RHSA-2008:1007
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:1007

reference_url	https://access.redhat.com/errata/RHSA-2010:0602
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2010:0602

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=457597
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=457597

reference_url	http://secunia.com/advisories/31379
reference_id
reference_type
scores
url	http://secunia.com/advisories/31379

reference_url	http://secunia.com/advisories/31381
reference_id
reference_type
scores
url	http://secunia.com/advisories/31381

reference_url	http://secunia.com/advisories/31639
reference_id
reference_type
scores
url	http://secunia.com/advisories/31639

reference_url	http://secunia.com/advisories/31865
reference_id
reference_type
scores
url	http://secunia.com/advisories/31865

reference_url	http://secunia.com/advisories/31891
reference_id
reference_type
scores
url	http://secunia.com/advisories/31891

reference_url	http://secunia.com/advisories/31982
reference_id
reference_type
scores
url	http://secunia.com/advisories/31982

reference_url	http://secunia.com/advisories/32120
reference_id
reference_type
scores
url	http://secunia.com/advisories/32120

reference_url	http://secunia.com/advisories/32222
reference_id
reference_type
scores
url	http://secunia.com/advisories/32222

reference_url	http://secunia.com/advisories/32266
reference_id
reference_type
scores
url	http://secunia.com/advisories/32266

reference_url	http://secunia.com/advisories/33797
reference_id
reference_type
scores
url	http://secunia.com/advisories/33797

reference_url	http://secunia.com/advisories/33999
reference_id
reference_type
scores
url	http://secunia.com/advisories/33999

reference_url	http://secunia.com/advisories/34013
reference_id
reference_type
scores
url	http://secunia.com/advisories/34013

reference_url	http://secunia.com/advisories/35474
reference_id
reference_type
scores
url	http://secunia.com/advisories/35474

reference_url	http://secunia.com/advisories/36108
reference_id
reference_type
scores
url	http://secunia.com/advisories/36108

reference_url	http://secunia.com/advisories/37460
reference_id
reference_type
scores
url	http://secunia.com/advisories/37460

reference_url	http://secunia.com/advisories/57126
reference_id
reference_type
scores
url	http://secunia.com/advisories/57126

reference_url	http://securityreason.com/securityalert/4098
reference_id
reference_type
scores
url	http://securityreason.com/securityalert/4098

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44155
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44155

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985

reference_url	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
reference_id
reference_type
scores
url	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500

reference_url	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095
reference_id
reference_type
scores
url	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095

reference_url	http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT3216

reference_url	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
reference_id
reference_type
scores
url	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

reference_url	http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-4.html

reference_url	http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-5.html

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0648.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0648.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0862.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0864.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0864.html

reference_url	http://www.securityfocus.com/archive/1/495021/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/495021/100/0/threaded

reference_url	http://www.securityfocus.com/archive/1/504351/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/504351/100/0/threaded

reference_url	http://www.securityfocus.com/archive/1/505556/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/505556/100/0/threaded

reference_url	http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/507985/100/0/threaded

reference_url	http://www.securityfocus.com/bid/30496
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/30496

reference_url	http://www.securityfocus.com/bid/31681
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/31681

reference_url	http://www.securitytracker.com/id?1020622
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020622

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0002.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0002.html

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html

reference_url	http://www.vupen.com/english/advisories/2008/2305
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2305

reference_url	http://www.vupen.com/english/advisories/2008/2780
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2780

reference_url	http://www.vupen.com/english/advisories/2008/2823
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2823

reference_url	http://www.vupen.com/english/advisories/2009/0320
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/0320

reference_url	http://www.vupen.com/english/advisories/2009/0503
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/0503

reference_url	http://www.vupen.com/english/advisories/2009/1609
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1609

reference_url	http://www.vupen.com/english/advisories/2009/2194
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/2194

reference_url	http://www.vupen.com/english/advisories/2009/3316
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/3316

reference_url	https://access.redhat.com/security/cve/CVE-2008-1232
reference_id	CVE-2008-1232
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2008-1232

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2008-1232
reference_id	CVE-2008-1232
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2008-1232

reference_url	https://github.com/advisories/GHSA-q74x-qqhr-f8rx
reference_id	GHSA-q74x-qqhr-f8rx
reference_type
scores
url	https://github.com/advisories/GHSA-q74x-qqhr-f8rx

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@4.1.38
purl	pkg:maven/org.apache.tomcat/tomcat@4.1.38
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.38

url pkg:maven/org.apache.tomcat/tomcat@5.5.27

purl pkg:maven/org.apache.tomcat/tomcat@5.5.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eygg-nt7y-qubh

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-rdr4-db3y-p3cz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27

url	pkg:maven/org.apache.tomcat/tomcat@6.0.17
purl	pkg:maven/org.apache.tomcat/tomcat@6.0.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.17

aliases CVE-2008-1232, GHSA-q74x-qqhr-f8rx

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg7f-pjmn-uudk

Fixing_vulnerabilities

url VCID-qdvn-uc56-6fds

vulnerability_id VCID-qdvn-uc56-6fds

summary

Exposure of Sensitive Information in Apache Tomcat
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

references

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=532111
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=532111

reference_url	https://github.com/apache/tomcat
reference_id
reference_type
scores
url	https://github.com/apache/tomcat

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11177

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2007-5333
reference_id	CVE-2007-5333
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2007-5333

reference_url	https://github.com/advisories/GHSA-cww4-vj5r-rx57
reference_id	GHSA-cww4-vj5r-rx57
reference_type
scores
url	https://github.com/advisories/GHSA-cww4-vj5r-rx57

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@4.1.37

purl pkg:maven/org.apache.tomcat/tomcat@4.1.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-t4mh-zvhq-27du

vulnerability	VCID-wg7f-pjmn-uudk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37

url pkg:maven/org.apache.tomcat/tomcat@5.5.26

purl pkg:maven/org.apache.tomcat/tomcat@5.5.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-t4mh-zvhq-27du

vulnerability	VCID-wg7f-pjmn-uudk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.26

url pkg:maven/org.apache.tomcat/tomcat@6.0.15

purl pkg:maven/org.apache.tomcat/tomcat@6.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qzyq-d6qk-67ag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.15

aliases CVE-2007-5333, GHSA-cww4-vj5r-rx57

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdvn-uc56-6fds

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.37

Package Instance