{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38757?format=json","vulnerability_id":"VCID-u95s-xhwk-vka6","summary":"Insufficient Verification of Data Authenticity\nThe CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.","aliases":[{"alias":"CVE-2017-7674"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53964?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.79","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q1cf-qg1v-3ybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.79"},{"url":"http://public2.vulnerablecode.io/api/packages/53965?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q1cf-qg1v-3ybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.45"},{"url":"http://public2.vulnerablecode.io/api/packages/53966?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q1cf-qg1v-3ybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/53967?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q1cf-qg1v-3ybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/53931?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.79","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fn4-hnez-y3eb"},{"vulnerability":"VCID-et9y-m4hb-43h7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.79"},{"url":"http://public2.vulnerablecode.io/api/packages/53932?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/53933?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M22"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53955?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q7g1-m4e7-pya4"},{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.41"},{"url":"http://public2.vulnerablecode.io/api/packages/53956?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3txt-1psa-5kf5"},{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/53957?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.52"},{"url":"http://public2.vulnerablecode.io/api/packages/53958?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@7.0.78","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.78"},{"url":"http://public2.vulnerablecode.io/api/packages/53959?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/53960?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.44"},{"url":"http://public2.vulnerablecode.io/api/packages/53961?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kgu-zupu-tydw"},{"vulnerability":"VCID-3nsr-9s9y-ckft"},{"vulnerability":"VCID-4nx6-t8vd-bqcu"},{"vulnerability":"VCID-59dd-qzpt-aucm"},{"vulnerability":"VCID-6umz-z8db-kqcy"},{"vulnerability":"VCID-dast-z2hv-2yfe"},{"vulnerability":"VCID-dbu6-fhrs-aubn"},{"vulnerability":"VCID-dk58-p9py-rka9"},{"vulnerability":"VCID-g3vd-74yh-s7bn"},{"vulnerability":"VCID-gmjm-6ck2-skgu"},{"vulnerability":"VCID-hqzu-shyu-j3hp"},{"vulnerability":"VCID-jzta-navk-87bn"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-nxb3-55eu-auhp"},{"vulnerability":"VCID-q7g1-m4e7-pya4"},{"vulnerability":"VCID-qth9-7326-hffp"},{"vulnerability":"VCID-rk89-9dw5-w3gg"},{"vulnerability":"VCID-rtmv-qetu-yqfa"},{"vulnerability":"VCID-s37s-p75k-27e6"},{"vulnerability":"VCID-se44-f85s-xyex"},{"vulnerability":"VCID-tcmv-6ftg-fqen"},{"vulnerability":"VCID-u95s-xhwk-vka6"},{"vulnerability":"VCID-vu84-dfwa-z3dg"},{"vulnerability":"VCID-wmb3-3j7y-due7"},{"vulnerability":"VCID-xns8-63b5-guf2"},{"vulnerability":"VCID-y9hs-ymcm-3ucx"},{"vulnerability":"VCID-zba8-2zc4-9qfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/53962?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dast-z2hv-2yfe"},{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.15"},{"url":"http://public2.vulnerablecode.io/api/packages/53963?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59dd-qzpt-aucm"},{"vulnerability":"VCID-8xdc-3kn9-b3e6"},{"vulnerability":"VCID-dbu6-fhrs-aubn"},{"vulnerability":"VCID-dk58-p9py-rka9"},{"vulnerability":"VCID-fqyx-8pgs-uqgg"},{"vulnerability":"VCID-g3vd-74yh-s7bn"},{"vulnerability":"VCID-nxb3-55eu-auhp"},{"vulnerability":"VCID-q1cf-qg1v-3ybr"},{"vulnerability":"VCID-q7g1-m4e7-pya4"},{"vulnerability":"VCID-qth9-7326-hffp"},{"vulnerability":"VCID-rtmv-qetu-yqfa"},{"vulnerability":"VCID-u95s-xhwk-vka6"},{"vulnerability":"VCID-vu84-dfwa-z3dg"},{"vulnerability":"VCID-wmb3-3j7y-due7"},{"vulnerability":"VCID-xns8-63b5-guf2"},{"vulnerability":"VCID-zba8-2zc4-9qfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/53923?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7"},{"url":"http://public2.vulnerablecode.io/api/packages/53924?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.78"},{"url":"http://public2.vulnerablecode.io/api/packages/53925?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8"},{"url":"http://public2.vulnerablecode.io/api/packages/53926?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.0.44"},{"url":"http://public2.vulnerablecode.io/api/packages/53927?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53928?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.15"},{"url":"http://public2.vulnerablecode.io/api/packages/53930?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u95s-xhwk-vka6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M21"},{"url":"http://public2.vulnerablecode.io/api/packages/53929?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6umz-z8db-kqcy"},{"vulnerability":"VCID-7fh9-36qs-jfg5"},{"vulnerability":"VCID-jzta-navk-87bn"},{"vulnerability":"VCID-u95s-xhwk-vka6"},{"vulnerability":"VCID-xa95-zsnk-3kg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0.M1"}],"references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480618","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480618"},{"reference_url":"https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://tomcat.apache.org/security-8.html","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-8.html"},{"reference_url":"http://www.securityfocus.com/bid/100280","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100280"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7674","reference_id":"CVE-2017-7674","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7674"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":345,"name":"Insufficient Verification of Data Authenticity","description":"The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u95s-xhwk-vka6"}