Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apache/tomcat@4.0.5

Type apache

Namespace

Name tomcat

Version 4.0.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.1.3

Latest_non_vulnerable_version 11.0.22

Affected_by_vulnerabilities

url VCID-284n-4e5d-d7gt

vulnerability_id VCID-284n-4e5d-d7gt

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2002-0682

reference_id

reference_type

scores

value	0.83058
scoring_system	epss
scoring_elements	0.99274
published_at	2026-06-04T12:55:00Z

value	0.83058
scoring_system	epss
scoring_elements	0.99275
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2002-0682

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0682

reference_id

CVE-2002-0682

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0682

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/21604.txt
reference_id	CVE-2002-0682;OSVDB-4973
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/21604.txt

reference_url	https://www.securityfocus.com/bid/5193/info
reference_id	CVE-2002-0682;OSVDB-4973
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/5193/info

fixed_packages

url	pkg:apache/tomcat@4.1.13
purl	pkg:apache/tomcat@4.1.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.1.13

aliases CVE-2002-0682

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-284n-4e5d-d7gt

url VCID-rpqh-1b8p-dqcy

vulnerability_id VCID-rpqh-1b8p-dqcy

summary

Apache Tomcat Source Code Disclosure
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

references

reference_url

http://issues.apache.org/bugzilla/show_bug.cgi?id=13365

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://issues.apache.org/bugzilla/show_bug.cgi?id=13365

reference_url

http://marc.info/?l=bugtraq&m=103470282514938&w=2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://marc.info/?l=bugtraq&m=103470282514938&w=2

reference_url

http://marc.info/?l=tomcat-dev&m=103417249325526&w=2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://marc.info/?l=tomcat-dev&m=103417249325526&w=2

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1394.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1394.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2002-1394

reference_id

reference_type

scores

value	0.05353
scoring_system	epss
scoring_elements	0.90257
published_at	2026-06-05T12:55:00Z

value	0.05353
scoring_system	epss
scoring_elements	0.90241
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2002-1394

reference_url

https://archive.apache.org/dist/tomcat/tomcat-4/archive/v4.0.6/README.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://archive.apache.org/dist/tomcat/tomcat-4/archive/v4.0.6/README.html

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/10376

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/10376

reference_url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@<dev.tomcat.apache.org>

reference_url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@<dev.tomcat.apache.org>

reference_url

https://web.archive.org/web/20030412075128/http://rhn.redhat.com/errata/RHSA-2003-075.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20030412075128/http://rhn.redhat.com/errata/RHSA-2003-075.html

reference_url

https://web.archive.org/web/20030705143220/http://www.securityfocus.com/bid/6562

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20030705143220/http://www.securityfocus.com/bid/6562

reference_url

https://web.archive.org/web/20041024213235/http://rhn.redhat.com/errata/RHSA-2003-082.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20041024213235/http://rhn.redhat.com/errata/RHSA-2003-082.html

reference_url

https://web.archive.org/web/20070430073829/http://www.debian.org/security/2003/dsa-225

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20070430073829/http://www.debian.org/security/2003/dsa-225

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1616907
reference_id	1616907
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1616907

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394

reference_id

CVE-2002-1394

reference_type

scores

value	Important
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2002-1394

reference_id

CVE-2002-1394

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2002-1394

reference_url

https://github.com/advisories/GHSA-8v5p-2cpv-c2x6

reference_id

GHSA-8v5p-2cpv-c2x6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8v5p-2cpv-c2x6

reference_url	https://access.redhat.com/errata/RHSA-2003:075
reference_id	RHSA-2003:075
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2003:075

reference_url	https://access.redhat.com/errata/RHSA-2003:082
reference_id	RHSA-2003:082
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2003:082

fixed_packages

url	pkg:apache/tomcat@4.1.13
purl	pkg:apache/tomcat@4.1.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.1.13

aliases CVE-2002-1394, GHSA-8v5p-2cpv-c2x6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rpqh-1b8p-dqcy

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.0.5

Package Instance