Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-sjn3-a6fs-gyck
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
Aliases
0
alias CVE-2007-3383
1
alias GHSA-wjwr-3jch-479j
Fixed_packages
Affected_packages
0
url pkg:maven/org.apache.tomcat/tomcat@4.0.0
purl pkg:maven/org.apache.tomcat/tomcat@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2af1-rv9j-jugv
1
vulnerability VCID-2jws-wtvg-2khf
2
vulnerability VCID-aywp-amq3-yyes
3
vulnerability VCID-ccfn-tde4-s7hr
4
vulnerability VCID-hxer-p6va-7kdh
5
vulnerability VCID-kxc3-vz2c-wqca
6
vulnerability VCID-sjn3-a6fs-gyck
7
vulnerability VCID-w8uj-zy2r-fyca
8
vulnerability VCID-wpnp-3yad-ybcj
9
vulnerability VCID-zam7-79x3-ekg3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.0
1
url pkg:maven/org.apache.tomcat/tomcat@4.0.6
purl pkg:maven/org.apache.tomcat/tomcat@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jws-wtvg-2khf
1
vulnerability VCID-96yu-fvee-wfbs
2
vulnerability VCID-kxc3-vz2c-wqca
3
vulnerability VCID-sjn3-a6fs-gyck
4
vulnerability VCID-w8uj-zy2r-fyca
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.0.6
2
url pkg:maven/org.apache.tomcat/tomcat@4.1.0
purl pkg:maven/org.apache.tomcat/tomcat@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2af1-rv9j-jugv
1
vulnerability VCID-2jws-wtvg-2khf
2
vulnerability VCID-5jm8-9upn-g7f4
3
vulnerability VCID-7787-4bwm-efgq
4
vulnerability VCID-96yu-fvee-wfbs
5
vulnerability VCID-ccfn-tde4-s7hr
6
vulnerability VCID-crhe-rt8j-wycu
7
vulnerability VCID-eygg-nt7y-qubh
8
vulnerability VCID-hmqa-jhuf-hfe2
9
vulnerability VCID-kxc3-vz2c-wqca
10
vulnerability VCID-qz87-x4zb-rud7
11
vulnerability VCID-rdr4-db3y-p3cz
12
vulnerability VCID-sjn3-a6fs-gyck
13
vulnerability VCID-t4mh-zvhq-27du
14
vulnerability VCID-wg7f-pjmn-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.0
3
url pkg:maven/org.apache.tomcat/tomcat@4.1.36
purl pkg:maven/org.apache.tomcat/tomcat@4.1.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96yu-fvee-wfbs
1
vulnerability VCID-qz87-x4zb-rud7
2
vulnerability VCID-sjn3-a6fs-gyck
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.36
References
0
reference_url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
url http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
1
reference_url http://seclists.org/fulldisclosure/2007/Jul/0448.html
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2007/Jul/0448.html
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/35536
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/35536
3
reference_url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
6
reference_url http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
url http://support.apple.com/kb/HT2163
7
reference_url http://tomcat.apache.org/security-4.html
reference_id
reference_type
scores
url http://tomcat.apache.org/security-4.html
8
reference_url http://www.kb.cert.org/vuls/id/862600
reference_id
reference_type
scores
url http://www.kb.cert.org/vuls/id/862600
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3383
reference_id CVE-2007-3383
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2007-3383
10
reference_url https://github.com/advisories/GHSA-wjwr-3jch-479j
reference_id GHSA-wjwr-3jch-479j
reference_type
scores
url https://github.com/advisories/GHSA-wjwr-3jch-479j
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-sjn3-a6fs-gyck