Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/151237?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/151237?format=api", "purl": "pkg:rpm/redhat/eap7-wildfly@7.0.9-4.GA_redhat_3.1.ep7?arch=el7", "type": "rpm", "namespace": "redhat", "name": "eap7-wildfly", "version": "7.0.9-4.GA_redhat_3.1.ep7", "qualifiers": { "arch": "el7" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111168?format=api", "vulnerability_id": "VCID-1ppw-bka2-qbdy", "summary": "jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12189.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15641", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15721", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15713", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499631", "reference_id": "1499631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499631" } ], "fixed_packages": [], "aliases": [ "CVE-2017-12189" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ppw-bka2-qbdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111529?format=api", "vulnerability_id": "VCID-k2d4-d6dd-wkb9", "summary": "EAP-7: Wrong privileges on multiple property files", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16411", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16493", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1649", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491612", "reference_id": "1491612", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491612" } ], "fixed_packages": [], "aliases": [ "CVE-2017-12167" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2d4-d6dd-wkb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43558?format=api", "vulnerability_id": "VCID-kbwr-xd1h-sbbs", "summary": "Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP\nRed Hat JBoss EAP version 3.0.7.Final until 3.0.25.Final, 3.5.0.CR1, and 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0478", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0479", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0480", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0481", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0481" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7561.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7561.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.78138", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.78145", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.78112", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7561" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "https://issues.jboss.org/browse/RESTEASY-1704", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/RESTEASY-1704" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483823", "reference_id": "1483823", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483823" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873392", "reference_id": "873392", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873392" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908836", "reference_id": "908836", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908836" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7561", "reference_id": "CVE-2017-7561", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7561" }, { "reference_url": "https://github.com/advisories/GHSA-57q5-x8jf-g7h8", "reference_id": "GHSA-57q5-x8jf-g7h8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-57q5-x8jf-g7h8" } ], "fixed_packages": [], "aliases": [ "CVE-2017-7561", "GHSA-57q5-x8jf-g7h8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbwr-xd1h-sbbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38207?format=api", "vulnerability_id": "VCID-pj5d-vfar-q7ac", "summary": "Uncontrolled Resource Consumption\nRESTEasy enables `GZIPInterceptor`, which allows remote attackers to cause a denial of service via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79148", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79142", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.79116", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6346" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372120", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6346" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "https://github.com/resteasy/resteasy/pull/1303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy/pull/1303" }, { "reference_url": "https://issues.jboss.org/browse/JBEAP-11180", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/JBEAP-11180" }, { "reference_url": "http://www.securityfocus.com/bid/92744", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/92744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170", "reference_id": "837170", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6346", "reference_id": "CVE-2016-6346", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0517", "reference_id": "RHSA-2017:0517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0826", "reference_id": "RHSA-2017:0826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0827", "reference_id": "RHSA-2017:0827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0828", "reference_id": "RHSA-2017:0828", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0829", "reference_id": "RHSA-2017:0829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0829" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-6346", "GHSA-wxvr-vqfp-9cqw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pj5d-vfar-q7ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39289?format=api", "vulnerability_id": "VCID-pkzf-4u9a-c3hq", "summary": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nInvalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78679", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78671", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01128", "scoring_system": "epss", "scoring_elements": "0.78644", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7559" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://issues.jboss.org/browse/UNDERTOW-1251", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/UNDERTOW-1251" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481665", "reference_id": "1481665", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481665" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576", "reference_id": "885576", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7559", "reference_id": "CVE-2017-7559", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7559" }, { "reference_url": "https://github.com/advisories/GHSA-rj76-h87p-r3wf", "reference_id": "GHSA-rj76-h87p-r3wf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rj76-h87p-r3wf" } ], "fixed_packages": [], "aliases": [ "CVE-2017-7559", "GHSA-rj76-h87p-r3wf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkzf-4u9a-c3hq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40122?format=api", "vulnerability_id": "VCID-vwcx-hrtg-pygs", "summary": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nIt was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78343", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78377", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78369", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12165" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-1251", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-1251" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490301", "reference_id": "1490301", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490301" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338", "reference_id": "885338", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12165", "reference_id": "CVE-2017-12165", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12165" }, { "reference_url": "https://github.com/advisories/GHSA-5gg7-5wv8-4gcj", "reference_id": "GHSA-5gg7-5wv8-4gcj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5gg7-5wv8-4gcj" } ], "fixed_packages": [], "aliases": [ "CVE-2017-12165", "GHSA-5gg7-5wv8-4gcj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vwcx-hrtg-pygs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39042?format=api", "vulnerability_id": "VCID-zseq-ezs2-wbhu", "summary": "Remote code execution is possible in Apache Solr.", "references": [ { "reference_url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E" }, { "reference_url": "http://openwall.com/lists/oss-security/2017/10/13/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2017/10/13/1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3123", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3124", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3244", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3451", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3452", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0005" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93891", "scoring_system": "epss", "scoring_elements": "0.99884", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163" }, { "reference_url": "https://github.com/advisories/GHSA-mh7g-99w9-xpjm", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mh7g-99w9-xpjm" }, { "reference_url": "https://github.com/apache/lucene", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/lucene" }, { "reference_url": "https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2" }, { "reference_url": "https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc" }, { "reference_url": "https://github.com/apache/lucene-solr/commit/d28baa3fc5566b47f1ca7cc2ba1aba658dc634a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/lucene-solr/commit/d28baa3fc5566b47f1ca7cc2ba1aba658dc634a" }, { "reference_url": "https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1" }, { "reference_url": "https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268" }, { "reference_url": "https://github.com/AsyncHttpClient/async-http-client/issues/1455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/AsyncHttpClient/async-http-client/issues/1455" }, { "reference_url": "https://issues.apache.org/jira/browse/SOLR-11477", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/SOLR-11477" }, { "reference_url": "https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html" }, { "reference_url": "https://s.apache.org/FJDl", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://s.apache.org/FJDl" }, { "reference_url": "https://twitter.com/ApacheSolr/status/918731485611401216", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://twitter.com/ApacheSolr/status/918731485611401216" }, { "reference_url": "https://twitter.com/joshbressers/status/919258716297420802", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://twitter.com/joshbressers/status/919258716297420802" }, { "reference_url": "https://twitter.com/searchtools_avi/status/918904813613543424", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://twitter.com/searchtools_avi/status/918904813613543424" }, { "reference_url": "https://usn.ubuntu.com/4259-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4259-1" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4124", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4124" }, { "reference_url": "https://www.exploit-db.com/exploits/43009", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/43009" }, { "reference_url": "https://www.exploit-db.com/exploits/43009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/43009/" }, { "reference_url": "http://www.securityfocus.com/bid/101261", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/101261" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529", "reference_id": "1501529", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/xml/webapps/43009.txt", "reference_id": "CVE-2017-12629", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/xml/webapps/43009.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629", "reference_id": "CVE-2017-12629", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629" }, { "reference_url": "http://www.cvedetails.com/cve/CVE-2017-12629/", "reference_id": "CVE-2017-12629", "reference_type": "", "scores": [], "url": "http://www.cvedetails.com/cve/CVE-2017-12629/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2561", "reference_id": "RHSA-2020:2561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1334", "reference_id": "RHSA-2023:1334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1334" }, { "reference_url": "https://usn.ubuntu.com/4259-1/", "reference_id": "USN-4259-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4259-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2017-12629", "GHSA-mh7g-99w9-xpjm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zseq-ezs2-wbhu" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.0.9-4.GA_redhat_3.1.ep7%3Farch=el7" }