Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tomcat/tomcat@8.0.31
Typemaven
Namespaceorg.apache.tomcat
Nametomcat
Version8.0.31
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.0.32
Latest_non_vulnerable_version11.0.18
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-e2gy-1c6a-6fdf
vulnerability_id VCID-e2gy-1c6a-6fdf
summary 
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
3
reference_url http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1089.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-2046.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2046.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2016-2807.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2807.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2016-2808.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2808.html
8
reference_url https://access.redhat.com/errata/RHSA-2016:1087
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1087
9
reference_url https://access.redhat.com/errata/RHSA-2016:1088
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1088
10
reference_url https://bto.bluecoat.com/security-advisory/sa118
reference_id
reference_type
scores
url https://bto.bluecoat.com/security-advisory/sa118
11
reference_url https://bz.apache.org/bugzilla/show_bug.cgi?id=58809
reference_id
reference_type
scores
url https://bz.apache.org/bugzilla/show_bug.cgi?id=58809
12
reference_url http://seclists.org/bugtraq/2016/Feb/143
reference_id
reference_type
scores
url http://seclists.org/bugtraq/2016/Feb/143
13
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
14
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
15
reference_url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
16
reference_url https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201705-09
17
reference_url https://security.netapp.com/advisory/ntap-20180531-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180531-0001/
18
reference_url http://svn.apache.org/viewvc?view=revision&revision=1713184
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1713184
19
reference_url http://svn.apache.org/viewvc?view=revision&revision=1713185
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1713185
20
reference_url http://svn.apache.org/viewvc?view=revision&revision=1713187
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1713187
21
reference_url http://svn.apache.org/viewvc?view=revision&revision=1723414
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1723414
22
reference_url http://svn.apache.org/viewvc?view=revision&revision=1723506
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1723506
23
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html
24
reference_url http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-8.html
25
reference_url http://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-9.html
26
reference_url http://www.debian.org/security/2016/dsa-3530
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3530
27
reference_url http://www.debian.org/security/2016/dsa-3552
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3552
28
reference_url http://www.debian.org/security/2016/dsa-3609
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3609
29
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
30
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
31
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
32
reference_url http://www.ubuntu.com/usn/USN-3024-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3024-1
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5346
reference_id CVE-2015-5346
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5346
34
reference_url https://github.com/advisories/GHSA-jrcp-c39h-r29x
reference_id GHSA-jrcp-c39h-r29x
reference_type
scores
url https://github.com/advisories/GHSA-jrcp-c39h-r29x
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@7.0.66
purl pkg:maven/org.apache.tomcat/tomcat@7.0.66
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.66
1
url pkg:maven/org.apache.tomcat/tomcat@8.0.31
purl pkg:maven/org.apache.tomcat/tomcat@8.0.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.31
2
url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2
purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j1m6-79yt-f7h5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2
aliases CVE-2015-5346, GHSA-jrcp-c39h-r29x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2gy-1c6a-6fdf
1
url VCID-fukm-h3r6-s7cr
vulnerability_id VCID-fukm-h3r6-s7cr
summary 
Cross-Site Request Forgery (CSRF)
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5351
reference_id CVE-2015-5351
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5351
1
reference_url https://github.com/advisories/GHSA-w7cg-5969-678w
reference_id GHSA-w7cg-5969-678w
reference_type
scores
url https://github.com/advisories/GHSA-w7cg-5969-678w
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@7.0.68
purl pkg:maven/org.apache.tomcat/tomcat@7.0.68
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.68
1
url pkg:maven/org.apache.tomcat/tomcat@8.0.31
purl pkg:maven/org.apache.tomcat/tomcat@8.0.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.31
2
url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2
purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j1m6-79yt-f7h5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2
aliases CVE-2015-5351, GHSA-w7cg-5969-678w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fukm-h3r6-s7cr
2
url VCID-n4zk-mdyw-3fcz
vulnerability_id VCID-n4zk-mdyw-3fcz
summary 
Exposure of Sensitive Information to an Unauthorized Actor
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
4
reference_url http://marc.info/?l=bugtraq&m=145974991225029&w=2
reference_id
reference_type
scores
url http://marc.info/?l=bugtraq&m=145974991225029&w=2
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-2045.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2045.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2016-2599.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2599.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2016-2807.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2807.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2016-2808.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2808.html
9
reference_url https://access.redhat.com/errata/RHSA-2016:1087
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1087
10
reference_url https://access.redhat.com/errata/RHSA-2016:1088
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1088
11
reference_url http://seclists.org/bugtraq/2016/Feb/144
reference_id
reference_type
scores
url http://seclists.org/bugtraq/2016/Feb/144
12
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
13
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
14
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
15
reference_url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
22
reference_url https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201705-09
23
reference_url https://security.netapp.com/advisory/ntap-20180531-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180531-0001/
24
reference_url http://svn.apache.org/viewvc?view=revision&revision=1722799
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1722799
25
reference_url http://svn.apache.org/viewvc?view=revision&revision=1722800
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1722800
26
reference_url http://svn.apache.org/viewvc?view=revision&revision=1722801
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1722801
27
reference_url http://svn.apache.org/viewvc?view=revision&revision=1722802
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1722802
28
reference_url http://tomcat.apache.org/security-6.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-6.html
29
reference_url http://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-7.html
30
reference_url http://tomcat.apache.org/security-8.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-8.html
31
reference_url http://tomcat.apache.org/security-9.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-9.html
32
reference_url http://www.debian.org/security/2016/dsa-3530
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3530
33
reference_url http://www.debian.org/security/2016/dsa-3552
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3552
34
reference_url http://www.debian.org/security/2016/dsa-3609
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3609
35
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
36
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
37
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
38
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
39
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
40
reference_url http://www.ubuntu.com/usn/USN-3024-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3024-1
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0706
reference_id CVE-2016-0706
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-0706
42
reference_url https://github.com/advisories/GHSA-6vx3-hr43-cfrh
reference_id GHSA-6vx3-hr43-cfrh
reference_type
scores
url https://github.com/advisories/GHSA-6vx3-hr43-cfrh
fixed_packages
0
url pkg:maven/org.apache.tomcat/tomcat@6.0.45
purl pkg:maven/org.apache.tomcat/tomcat@6.0.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s37s-p75k-27e6
1
vulnerability VCID-tcmv-6ftg-fqen
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@6.0.45
1
url pkg:maven/org.apache.tomcat/tomcat@8.0.31
purl pkg:maven/org.apache.tomcat/tomcat@8.0.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.31
2
url pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2
purl pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j1m6-79yt-f7h5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M2
aliases CVE-2016-0706, GHSA-6vx3-hr43-cfrh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4zk-mdyw-3fcz
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.31