Look up vulnerable packages by Package URL (purl).

Purl: pkg:maven/org.apache.tomcat/tomcat@10.1.52
Type: maven
Namespace: org.apache.tomcat
Name: tomcat
Version: 10.1.52
Qualifiers:
Subpath:
Is_vulnerable: false
Next_non_vulnerable_version: 11.0.0-M11
Latest_non_vulnerable_version: 11.0.18
Affected_by_vulnerabilities:
Fixing_vulnerabilities:
  0:
    url: VCID-s93z-rmw7-5bcw
    vulnerability_id: VCID-s93z-rmw7-5bcw
    summary:
      Apache Tomcat Native OCSP verification bypass
      Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.

      When using an OCSP responder, Tomcat Native did not complete verification or freshness checks on the OCSP response, which could allow certificate revocation to be bypassed.

      The vulnerable code is in the process_ocsp_response() function in sslutils.c, which was missing calls to OCSP_basic_verify(), OCSP_check_validity(), and OCSP_check_nonce().

      This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.

      Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.
    references:
      0:
        reference_url: https://github.com/apache/tomcat
        reference_id:
        reference_type:
        scores:
        url: https://github.com/apache/tomcat
      1:
        reference_url: https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml
        reference_id:
        reference_type:
        scores:
        url: https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml
      2:
        reference_url: https://nvd.nist.gov/vuln/detail/CVE-2026-24734
        reference_id: CVE-2026-24734
        reference_type:
        scores:
        url: https://nvd.nist.gov/vuln/detail/CVE-2026-24734
      3:
        reference_url: https://github.com/advisories/GHSA-mgp5-rv84-w37q
        reference_id: GHSA-mgp5-rv84-w37q
        reference_type:
        scores:
        url: https://github.com/advisories/GHSA-mgp5-rv84-w37q
    fixed_packages:
      0:
        url: pkg:maven/org.apache.tomcat/tomcat@9.0.115
        purl: pkg:maven/org.apache.tomcat/tomcat@9.0.115
        is_vulnerable: false
        affected_by_vulnerabilities:
        resource_url: http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.115
      1:
        url: pkg:maven/org.apache.tomcat/tomcat@10.1.52
        purl: pkg:maven/org.apache.tomcat/tomcat@10.1.52
        is_vulnerable: false
        affected_by_vulnerabilities:
        resource_url: http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52
      2:
        url: pkg:maven/org.apache.tomcat/tomcat@11.0.18
        purl: pkg:maven/org.apache.tomcat/tomcat@11.0.18
        is_vulnerable: false
        affected_by_vulnerabilities:
        resource_url: http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.18
    aliases: CVE-2026-24734, GHSA-mgp5-rv84-w37q
    risk_score: null
    exploitability: null
    weighted_severity: null
    resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-s93z-rmw7-5bcw
Risk_score: null
Resource_url: http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52
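The lookup this page shows, as an added offline example that is not VulnerableCode's own code: parse_purl() splits a Package URL into the Type/Namespace/Name/Version/Qualifiers/Subpath fields listed above, and lookup() derives is_vulnerable, next_non_vulnerable_version and latest_non_vulnerable_version the way the page presents them (the smallest and largest known versions above the queried one that fall outside every affected range). The affected ranges and the two fixing releases are the Tomcat Native values quoted in the advisory text; the release list KNOWN_VERSIONS and the purl name "tomcat-native" are constructed for illustration and are not taken from the page or from Maven Central. The version ordering is a deliberately small approximation of Maven ordering (numeric dot-parts, with a "-qualifier" such as 11.0.0-M11 sorting before the plain release), not the full Maven comparator.

```python
"""Offline model of a purl lookup (added example, not VulnerableCode code)."""
import re
from urllib.parse import parse_qsl, unquote

# From the advisory: inclusive affected ranges for Apache Tomcat Native.
AFFECTED_RANGES = [("1.1.23", "1.1.34"), ("1.2.0", "1.2.39"),
                   ("1.3.0", "1.3.4"), ("2.0.0", "2.0.11")]
# Constructed release list (an assumption), just enough to exercise the logic;
# 1.3.5 and 2.0.12 are the fixing releases named in the advisory.
KNOWN_VERSIONS = ["1.2.39", "1.3.3", "1.3.4", "1.3.5", "2.0.10", "2.0.11", "2.0.12"]


def parse_purl(purl: str) -> dict:
    """Split pkg:type/namespace/name@version?qualifiers#subpath per the purl spec."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a Package URL: %r" % purl)
    rest = purl[len("pkg:"):].strip("/")
    rest, _, subpath = rest.partition("#")      # subpath is the last component
    rest, _, qualifiers = rest.partition("?")   # then the qualifier string
    rest, _, version = rest.partition("@")      # then the version
    segments = rest.split("/")                  # type / namespace... / name
    return {
        "type": segments[0].lower(),
        "namespace": "/".join(unquote(s) for s in segments[1:-1]),
        "name": unquote(segments[-1]),
        "version": unquote(version),
        "qualifiers": {k.lower(): v for k, v in parse_qsl(qualifiers)},
        "subpath": unquote(subpath),
    }


def version_key(version: str):
    """Sort key: numeric dot-parts as ints; a '-qualifier' (e.g. 11.0.0-M11)
    sorts before the plain release carrying the same numbers."""
    base, _, qualifier = version.partition("-")
    numbers = tuple(int(part) for part in base.split("."))
    if not qualifier:
        return numbers, (1, "", 0)
    match = re.fullmatch(r"([A-Za-z]*)(\d*)", qualifier)
    if match is None:
        return numbers, (0, qualifier.upper(), 0)
    return numbers, (0, match.group(1).upper(), int(match.group(2) or 0))


def is_affected(version: str) -> bool:
    """True when the version lies inside any inclusive affected range."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED_RANGES)


def lookup(purl: str, known_versions=KNOWN_VERSIONS) -> dict:
    """Reproduce the page's fields for one purl against the known release list."""
    fields = parse_purl(purl)
    key = version_key(fields["version"])
    later_safe = sorted((v for v in known_versions
                         if version_key(v) > key and not is_affected(v)),
                        key=version_key)
    fields.update(
        is_vulnerable=is_affected(fields["version"]),
        next_non_vulnerable_version=later_safe[0] if later_safe else None,
        latest_non_vulnerable_version=later_safe[-1] if later_safe else None,
    )
    return fields


if __name__ == "__main__":
    print(parse_purl("pkg:maven/org.apache.tomcat/tomcat@10.1.52"))
    print(lookup("pkg:maven/org.apache.tomcat/tomcat-native@2.0.11"))
```

Note that a non-vulnerable query still gets a next_non_vulnerable_version, exactly as the page reports 11.0.0-M11 for the non-vulnerable 10.1.52: the field answers "what is the nearest later release that is clean", not "what should I upgrade to".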
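The advisory above says process_ocsp_response() in sslutils.c accepted an OCSP response without calling OCSP_basic_verify(), OCSP_check_validity() or OCSP_check_nonce(), so a replayed, stale or forged "good" response could suppress a revocation. The following is an added example, not Tomcat Native's code and not OpenSSL's: it expresses those three checks with the Python `cryptography` package, building a throwaway CA, leaf certificate and CA-signed OCSP response in memory (constructed test data) and refusing to trust the response until the signature, the thisUpdate/nextUpdate window and the nonce have all been checked. It assumes the responder certificate handed to verify_ocsp() is already trusted; OpenSSL's OCSP_basic_verify() additionally builds and validates the responder's chain and checks the OCSP-signing EKU, which is out of scope here. The five-minute clock-skew allowance and the names in the fixture are assumptions.

```python
"""The three OCSP checks named in the advisory, as an added example (not Tomcat
Native code) using the `cryptography` package."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

CLOCK_SKEW = datetime.timedelta(minutes=5)  # tolerance for the freshness window (assumption)


def _utcnow_naive():
    return datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)


def _make_cert(subject, issuer, public_key, signer_key, is_ca):
    now = _utcnow_naive()
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=1))
            .not_valid_after(now + datetime.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(signer_key, hashes.SHA256()))


def build_fixture(nonce: bytes, age_days: int = 0):
    """Constructed test data: return (responder_cert, leaf_cert, der_response).
    The CA itself signs the response; age_days backdates thisUpdate/nextUpdate."""
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    leaf_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    leaf_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "server.example.test")])
    ca = _make_cert(ca_name, ca_name, ca_key.public_key(), ca_key, True)
    leaf = _make_cert(leaf_name, ca_name, leaf_key.public_key(), ca_key, False)
    this_update = _utcnow_naive() - datetime.timedelta(days=age_days)
    response = (ocsp.OCSPResponseBuilder()
                .add_response(cert=leaf, issuer=ca, algorithm=hashes.SHA256(),
                              cert_status=ocsp.OCSPCertStatus.GOOD,
                              this_update=this_update,
                              next_update=this_update + datetime.timedelta(days=1),
                              revocation_time=None, revocation_reason=None)
                .responder_id(ocsp.OCSPResponderEncoding.NAME, ca)
                .add_extension(x509.OCSPNonce(nonce), critical=False)
                .sign(ca_key, hashes.SHA256()))
    return ca, leaf, response.public_bytes(serialization.Encoding.DER)


def _aware(resp, field):
    # Newer cryptography releases expose tz-aware <field>_utc; older ones only naive UTC.
    dt = getattr(resp, field + "_utc") if hasattr(resp, field + "_utc") else getattr(resp, field)
    if dt is not None and dt.tzinfo is None:
        dt = dt.replace(tzinfo=datetime.timezone.utc)
    return dt


def verify_ocsp(der: bytes, responder_cert, expected_nonce: bytes, now=None) -> str:
    """Return the status name ('GOOD', 'REVOKED', 'UNKNOWN') only after all three
    checks pass; raise ValueError or InvalidSignature otherwise."""
    resp = ocsp.load_der_ocsp_response(der)
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        raise ValueError(f"responder error: {resp.response_status}")
    # 1. Counterpart of OCSP_basic_verify(): the signature must come from a trusted key.
    responder_cert.public_key().verify(resp.signature, resp.tbs_response_bytes,
                                       padding.PKCS1v15(), resp.signature_hash_algorithm)
    # 2. Counterpart of OCSP_check_validity(): thisUpdate/nextUpdate must bracket "now".
    now = now or datetime.datetime.now(datetime.timezone.utc)
    this_update, next_update = _aware(resp, "this_update"), _aware(resp, "next_update")
    if this_update > now + CLOCK_SKEW:
        raise ValueError("OCSP response is dated in the future")
    if next_update is not None and next_update < now - CLOCK_SKEW:
        raise ValueError("OCSP response is stale (nextUpdate has passed)")
    # 3. Counterpart of OCSP_check_nonce(): the nonce must echo the one we sent.
    nonce = resp.extensions.get_extension_for_class(x509.OCSPNonce).value.nonce
    if nonce != expected_nonce:
        raise ValueError("OCSP nonce mismatch (possible replay)")
    return resp.certificate_status.name


def ocsp_is_acceptable(der, responder_cert, expected_nonce, now=None) -> bool:
    """Boolean wrapper: True only when every check in verify_ocsp() passes."""
    try:
        verify_ocsp(der, responder_cert, expected_nonce, now)
        return True
    except (ValueError, InvalidSignature, x509.ExtensionNotFound):
        return False
```

The failing cases are the ones the advisory describes: without check 1 a response signed by anyone is accepted, without check 2 an old "good" response captured before revocation can be replayed indefinitely, and without check 3 a response captured for one handshake can be replayed into another. Treat a missing nonce extension as a failure too (the wrapper does, via ExtensionNotFound) unless the request deliberately omitted one.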