Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.41

Type maven

Namespace org.apache.tomcat

Name tomcat-catalina

Version 8.0.41

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 8.5.3

Latest_non_vulnerable_version 11.0.15

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-xa95-zsnk-3kg9

vulnerability_id VCID-xa95-zsnk-3kg9

summary

Information Exposure
A bug in the error handling of the NIO HTTP connector in Apache Tomcat resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0457.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0457.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0527.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0527.html

reference_url	https://access.redhat.com/errata/RHSA-2017:0455
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0455

reference_url	https://access.redhat.com/errata/RHSA-2017:0456
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0456

reference_url	https://access.redhat.com/errata/RHSA-2017:0935
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0935

reference_url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

reference_url	https://security.gentoo.org/glsa/201705-09
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201705-09

reference_url	https://security.netapp.com/advisory/ntap-20180607-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180607-0002/

reference_url	http://www.debian.org/security/2017/dsa-3754
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3754

reference_url	http://www.debian.org/security/2017/dsa-3755
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3755

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_url	http://www.securityfocus.com/bid/94828
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94828

reference_url	http://www.securitytracker.com/id/1037432
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037432

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-8745
reference_id	CVE-2016-8745
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-8745

reference_url	https://github.com/advisories/GHSA-w3j5-q8f2-3cqq
reference_id	GHSA-w3j5-q8f2-3cqq
reference_type
scores
url	https://github.com/advisories/GHSA-w3j5-q8f2-3cqq

fixed_packages

url	pkg:maven/org.apache.tomcat/tomcat-catalina@6.0.50
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@6.0.50
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@6.0.50

url	pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.75
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.75
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.75

url	pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.41
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.41
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.41

url	pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.9
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.9

url	pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M14
purl	pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M14

aliases CVE-2016-8745, GHSA-w3j5-q8f2-3cqq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa95-zsnk-3kg9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.41

Package Instance