Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-w632-npc7-h7hs
Summary
Exposure of Sensitive Information to an Unauthorized Actor
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
Aliases
0
alias CVE-2005-4836
1
alias GHSA-qrcx-p4rr-g48h
Fixed_packages
Affected_packages
0
url pkg:apache/tomcat@4.1.0%2BSVN
purl pkg:apache/tomcat@4.1.0%2BSVN
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w632-npc7-h7hs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.1.0%252BSVN
1
url pkg:apache/tomcat@4.1.15
purl pkg:apache/tomcat@4.1.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w632-npc7-h7hs
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@4.1.15
2
url pkg:maven/org.apache.tomcat/tomcat@4.1.SVN
purl pkg:maven/org.apache.tomcat/tomcat@4.1.SVN
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w632-npc7-h7hs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.SVN
3
url pkg:maven/org.apache.tomcat/tomcat@4.1.15
purl pkg:maven/org.apache.tomcat/tomcat@4.1.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w632-npc7-h7hs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.15
4
url pkg:maven/org.apache.tomcat/tomcat@4.1.40
purl pkg:maven/org.apache.tomcat/tomcat@4.1.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w632-npc7-h7hs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.40
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2005-4836
reference_id
reference_type
scores
0
value 0.00953
scoring_system epss
scoring_elements 0.76755
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2005-4836
1
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
4
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://tomcat.apache.org/security-4.html
5
reference_url http://www.securityfocus.com/bid/28483
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/28483
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836
reference_id CVE-2005-4836
reference_type
scores
0
value Moderate
scoring_system apache_tomcat
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2005-4836
reference_id CVE-2005-4836
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2005-4836
8
reference_url https://github.com/advisories/GHSA-qrcx-p4rr-g48h
reference_id GHSA-qrcx-p4rr-g48h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrcx-p4rr-g48h
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-w632-npc7-h7hs