Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat@5.5.27

Type maven

Namespace org.apache.tomcat

Name tomcat

Version 5.5.27

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.5.30

Latest_non_vulnerable_version 11.0.18

Affected_by_vulnerabilities

url VCID-eygg-nt7y-qubh

vulnerability_id VCID-eygg-nt7y-qubh

summary

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

references

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/51195
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/51195

reference_url	https://issues.apache.org/bugzilla/show_bug.cgi?id=29936
reference_id
reference_type
scores
url	https://issues.apache.org/bugzilla/show_bug.cgi?id=29936

reference_url	https://issues.apache.org/bugzilla/show_bug.cgi?id=45933
reference_id
reference_type
scores
url	https://issues.apache.org/bugzilla/show_bug.cgi?id=45933

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2009-0783
reference_id	CVE-2009-0783
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2009-0783

reference_url	https://github.com/advisories/GHSA-hhjg-g8xq-hhr3
reference_id	GHSA-hhjg-g8xq-hhr3
reference_type
scores
url	https://github.com/advisories/GHSA-hhjg-g8xq-hhr3

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@6.0.20

purl pkg:maven/org.apache.tomcat/tomcat@6.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9j31-459b-4qbm

vulnerability	VCID-eawm-8v9w-yfap

vulnerability	VCID-y9yv-u4jh-mqew

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.20

aliases CVE-2009-0783, GHSA-hhjg-g8xq-hhr3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eygg-nt7y-qubh

url VCID-hmqa-jhuf-hfe2

vulnerability_id VCID-hmqa-jhuf-hfe2

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

references

reference_url	http://marc.info/?l=bugtraq&m=127420533226623&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=127420533226623&w=2

reference_url	http://marc.info/?l=bugtraq&m=129070310906557&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=129070310906557&w=2

reference_url	http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=133469267822771&w=2

reference_url	http://marc.info/?l=bugtraq&m=136485229118404&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=136485229118404&w=2

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/49213

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564

reference_url	http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT4077

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

reference_url	http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-4.html

reference_url	http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-5.html

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://www.debian.org/security/2011/dsa-2207
reference_id
reference_type
scores
url	http://www.debian.org/security/2011/dsa-2207

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2009-0781
reference_id	CVE-2009-0781
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2009-0781

reference_url	https://github.com/advisories/GHSA-j788-fx57-99wp
reference_id	GHSA-j788-fx57-99wp
reference_type
scores
url	https://github.com/advisories/GHSA-j788-fx57-99wp

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@6.0.20

purl pkg:maven/org.apache.tomcat/tomcat@6.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9j31-459b-4qbm

vulnerability	VCID-eawm-8v9w-yfap

vulnerability	VCID-y9yv-u4jh-mqew

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.20

aliases CVE-2009-0781, GHSA-j788-fx57-99wp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmqa-jhuf-hfe2

url VCID-rdr4-db3y-p3cz

vulnerability_id VCID-rdr4-db3y-p3cz

summary

Improper Input Validation
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

references

reference_url	http://jvn.jp/en/jp/JVN87272440/index.html
reference_id
reference_type
scores
url	http://jvn.jp/en/jp/JVN87272440/index.html

reference_url	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

reference_url	http://marc.info/?l=bugtraq&m=127420533226623&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=127420533226623&w=2

reference_url	http://marc.info/?l=bugtraq&m=129070310906557&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=129070310906557&w=2

reference_url	http://marc.info/?l=bugtraq&m=133469267822771&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=133469267822771&w=2

reference_url	http://marc.info/?l=bugtraq&m=136485229118404&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=136485229118404&w=2

reference_url	http://securitytracker.com/id?1022331
reference_id
reference_type
scores
url	http://securitytracker.com/id?1022331

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/50928
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/50928

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739

reference_url	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
reference_id
reference_type
scores
url	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1

reference_url	http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT4077

reference_url	http://svn.apache.org/viewvc?rev=742915&view=rev
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?rev=742915&view=rev

reference_url	http://svn.apache.org/viewvc?rev=781362&view=rev
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?rev=781362&view=rev

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

reference_url	http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-4.html

reference_url	http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-5.html

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://www.debian.org/security/2011/dsa-2207
reference_id
reference_type
scores
url	http://www.debian.org/security/2011/dsa-2207

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2009:138

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2010:176

reference_url	http://www.securityfocus.com/archive/1/504044/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/504044/100/0/threaded

reference_url	http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/507985/100/0/threaded

reference_url	http://www.securityfocus.com/bid/35193
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/35193

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2009-0033
reference_id	CVE-2009-0033
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2009-0033

reference_url	https://github.com/advisories/GHSA-5cw4-ggx9-36vg
reference_id	GHSA-5cw4-ggx9-36vg
reference_type
scores
url	https://github.com/advisories/GHSA-5cw4-ggx9-36vg

fixed_packages

aliases CVE-2009-0033, GHSA-5cw4-ggx9-36vg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdr4-db3y-p3cz

Fixing_vulnerabilities

url VCID-t4mh-zvhq-27du

vulnerability_id VCID-t4mh-zvhq-27du

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

references

reference_url	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_url	http://marc.info/?l=bugtraq&m=123376588623823&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=123376588623823&w=2

reference_url	http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=139344343412337&w=2

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44156

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876

reference_url	http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT3216

reference_url	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
reference_id
reference_type
scores
url	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

reference_url	https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099
reference_id
reference_type
scores
url	https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099

reference_url	https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381

reference_url	https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639

reference_url	https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891

reference_url	https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120

reference_url	https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982

reference_url	https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266

reference_url	https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222
reference_id
reference_type
scores
url	https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222

reference_url	https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797
reference_id
reference_type
scores
url	https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797

reference_url	https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999
reference_id
reference_type
scores
url	https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999

reference_url	https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379
reference_id
reference_type
scores
url	https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379

reference_url	https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013
reference_id
reference_type
scores
url	https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013

reference_url	https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865
reference_id
reference_type
scores
url	https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865

reference_url	https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393
reference_id
reference_type
scores
url	https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393

reference_url	https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249
reference_id
reference_type
scores
url	https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249

reference_url	https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460
reference_id
reference_type
scores
url	https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460

reference_url	https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623
reference_id
reference_type
scores
url	https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623

reference_url	https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494
reference_id
reference_type
scores
url	https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494

reference_url	https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded

reference_url	https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681
reference_id
reference_type
scores
url	https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681

reference_url	https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126
reference_id
reference_type
scores
url	https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126

reference_url	https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

reference_url	http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-4.html

reference_url	http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-5.html

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
reference_id
reference_type
scores
url	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0648.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0648.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0862.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0864.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0864.html

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0002.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0002.html

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2008-2370
reference_id	CVE-2008-2370
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2008-2370

reference_url	https://github.com/advisories/GHSA-m8h8-6rvg-f4mg
reference_id	GHSA-m8h8-6rvg-f4mg
reference_type
scores
url	https://github.com/advisories/GHSA-m8h8-6rvg-f4mg

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@4.1.38
purl	pkg:maven/org.apache.tomcat/tomcat@4.1.38
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.38

url pkg:maven/org.apache.tomcat/tomcat@5.5.27

purl pkg:maven/org.apache.tomcat/tomcat@5.5.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eygg-nt7y-qubh

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-rdr4-db3y-p3cz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27

url pkg:maven/org.apache.tomcat/tomcat@6.0.18

purl pkg:maven/org.apache.tomcat/tomcat@6.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-rdr4-db3y-p3cz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.18

aliases CVE-2008-2370, GHSA-m8h8-6rvg-f4mg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t4mh-zvhq-27du

url VCID-wg7f-pjmn-uudk

vulnerability_id VCID-wg7f-pjmn-uudk

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

references

reference_url	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx
reference_id
reference_type
scores
url	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx

reference_url	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

reference_url	http://marc.info/?l=bugtraq&m=123376588623823&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=123376588623823&w=2

reference_url	http://marc.info/?l=bugtraq&m=139344343412337&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=139344343412337&w=2

reference_url	https://access.redhat.com/errata/RHSA-2008:0648
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0648

reference_url	https://access.redhat.com/errata/RHSA-2008:0862
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0862

reference_url	https://access.redhat.com/errata/RHSA-2008:0864
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0864

reference_url	https://access.redhat.com/errata/RHSA-2008:0877
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0877

reference_url	https://access.redhat.com/errata/RHSA-2008:1007
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:1007

reference_url	https://access.redhat.com/errata/RHSA-2010:0602
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2010:0602

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=457597
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=457597

reference_url	http://secunia.com/advisories/31379
reference_id
reference_type
scores
url	http://secunia.com/advisories/31379

reference_url	http://secunia.com/advisories/31381
reference_id
reference_type
scores
url	http://secunia.com/advisories/31381

reference_url	http://secunia.com/advisories/31639
reference_id
reference_type
scores
url	http://secunia.com/advisories/31639

reference_url	http://secunia.com/advisories/31865
reference_id
reference_type
scores
url	http://secunia.com/advisories/31865

reference_url	http://secunia.com/advisories/31891
reference_id
reference_type
scores
url	http://secunia.com/advisories/31891

reference_url	http://secunia.com/advisories/31982
reference_id
reference_type
scores
url	http://secunia.com/advisories/31982

reference_url	http://secunia.com/advisories/32120
reference_id
reference_type
scores
url	http://secunia.com/advisories/32120

reference_url	http://secunia.com/advisories/32222
reference_id
reference_type
scores
url	http://secunia.com/advisories/32222

reference_url	http://secunia.com/advisories/32266
reference_id
reference_type
scores
url	http://secunia.com/advisories/32266

reference_url	http://secunia.com/advisories/33797
reference_id
reference_type
scores
url	http://secunia.com/advisories/33797

reference_url	http://secunia.com/advisories/33999
reference_id
reference_type
scores
url	http://secunia.com/advisories/33999

reference_url	http://secunia.com/advisories/34013
reference_id
reference_type
scores
url	http://secunia.com/advisories/34013

reference_url	http://secunia.com/advisories/35474
reference_id
reference_type
scores
url	http://secunia.com/advisories/35474

reference_url	http://secunia.com/advisories/36108
reference_id
reference_type
scores
url	http://secunia.com/advisories/36108

reference_url	http://secunia.com/advisories/37460
reference_id
reference_type
scores
url	http://secunia.com/advisories/37460

reference_url	http://secunia.com/advisories/57126
reference_id
reference_type
scores
url	http://secunia.com/advisories/57126

reference_url	http://securityreason.com/securityalert/4098
reference_id
reference_type
scores
url	http://securityreason.com/securityalert/4098

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44155
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44155

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985

reference_url	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500
reference_id
reference_type
scores
url	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500

reference_url	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095
reference_id
reference_type
scores
url	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095

reference_url	http://support.apple.com/kb/HT3216
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT3216

reference_url	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
reference_id
reference_type
scores
url	http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

reference_url	http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-4.html

reference_url	http://tomcat.apache.org/security-5.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-5.html

reference_url	http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url	http://tomcat.apache.org/security-6.html

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0648.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0648.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0862.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0862.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0864.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0864.html

reference_url	http://www.securityfocus.com/archive/1/495021/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/495021/100/0/threaded

reference_url	http://www.securityfocus.com/archive/1/504351/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/504351/100/0/threaded

reference_url	http://www.securityfocus.com/archive/1/505556/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/505556/100/0/threaded

reference_url	http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/507985/100/0/threaded

reference_url	http://www.securityfocus.com/bid/30496
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/30496

reference_url	http://www.securityfocus.com/bid/31681
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/31681

reference_url	http://www.securitytracker.com/id?1020622
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020622

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0002.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0002.html

reference_url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
reference_id
reference_type
scores
url	http://www.vmware.com/security/advisories/VMSA-2009-0016.html

reference_url	http://www.vupen.com/english/advisories/2008/2305
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2305

reference_url	http://www.vupen.com/english/advisories/2008/2780
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2780

reference_url	http://www.vupen.com/english/advisories/2008/2823
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2823

reference_url	http://www.vupen.com/english/advisories/2009/0320
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/0320

reference_url	http://www.vupen.com/english/advisories/2009/0503
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/0503

reference_url	http://www.vupen.com/english/advisories/2009/1609
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1609

reference_url	http://www.vupen.com/english/advisories/2009/2194
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/2194

reference_url	http://www.vupen.com/english/advisories/2009/3316
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/3316

reference_url	https://access.redhat.com/security/cve/CVE-2008-1232
reference_id	CVE-2008-1232
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2008-1232

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2008-1232
reference_id	CVE-2008-1232
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2008-1232

reference_url	https://github.com/advisories/GHSA-q74x-qqhr-f8rx
reference_id	GHSA-q74x-qqhr-f8rx
reference_type
scores
url	https://github.com/advisories/GHSA-q74x-qqhr-f8rx

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat@4.1.38
purl	pkg:maven/org.apache.tomcat/tomcat@4.1.38
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.38

url pkg:maven/org.apache.tomcat/tomcat@5.5.27

purl pkg:maven/org.apache.tomcat/tomcat@5.5.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eygg-nt7y-qubh

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-rdr4-db3y-p3cz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27

url	pkg:maven/org.apache.tomcat/tomcat@6.0.17
purl	pkg:maven/org.apache.tomcat/tomcat@6.0.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.17

aliases CVE-2008-1232, GHSA-q74x-qqhr-f8rx

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg7f-pjmn-uudk

url VCID-yswq-hnqg-sycs

vulnerability_id VCID-yswq-hnqg-sycs

summary

Apache Tomcat Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to `host-manager/html/add`.

references

reference_url	https://access.redhat.com/errata/RHSA-2008:0648
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0648

reference_url	https://access.redhat.com/errata/RHSA-2008:0862
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0862

reference_url	https://access.redhat.com/errata/RHSA-2008:0864
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0864

reference_url	https://access.redhat.com/errata/RHSA-2008:1007
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:1007

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=446393
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=446393

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/42816
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/42816

reference_url	https://github.com/apache/tomcat
reference_id
reference_type
scores
url	https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab

reference_url	https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030

reference_url	https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a

reference_url	https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
reference_id
reference_type
scores
url	https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009

reference_url	https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded

reference_url	https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html

reference_url	https://access.redhat.com/security/cve/CVE-2008-1947
reference_id	CVE-2008-1947
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2008-1947

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2008-1947
reference_id	CVE-2008-1947
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2008-1947

reference_url	https://github.com/advisories/GHSA-f98p-9pp6-7q6c
reference_id	GHSA-f98p-9pp6-7q6c
reference_type
scores
url	https://github.com/advisories/GHSA-f98p-9pp6-7q6c

fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@5.5.27

purl pkg:maven/org.apache.tomcat/tomcat@5.5.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eygg-nt7y-qubh

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-rdr4-db3y-p3cz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27

url pkg:maven/org.apache.tomcat/tomcat@6.0.18

purl pkg:maven/org.apache.tomcat/tomcat@6.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hmqa-jhuf-hfe2

vulnerability	VCID-rdr4-db3y-p3cz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.18

aliases CVE-2008-1947, GHSA-f98p-9pp6-7q6c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yswq-hnqg-sycs

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@5.5.27

Package Instance