Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/eap7-undertow@1.3.28-4.Final_redhat_4.1.ep7?arch=el7
Typerpm
Namespaceredhat
Nameeap7-undertow
Version1.3.28-4.Final_redhat_4.1.ep7
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-387y-knja-ukh8
vulnerability_id VCID-387y-knja-ukh8
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2666
reference_id
reference_type
scores
0
value 0.01394
scoring_system epss
scoring_elements 0.8072
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2666
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
4
reference_url https://github.com/advisories/GHSA-mcfm-h73v-635m
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mcfm-h73v-635m
5
reference_url http://www.securityfocus.com/bid/98966
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98966
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1436163
reference_id 1436163
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1436163
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2666
reference_id CVE-2017-2666
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2666
9
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
fixed_packages
aliases CVE-2017-2666, GHSA-mcfm-h73v-635m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-387y-knja-ukh8
1
url VCID-9v45-vygq-eugz
vulnerability_id VCID-9v45-vygq-eugz
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
With non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
reference_id
reference_type
scores
0
value 0.05972
scoring_system epss
scoring_elements 0.90827
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
4
reference_url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
5
reference_url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
6
reference_url http://www.securityfocus.com/bid/98965
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98965
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1438885
reference_id 1438885
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1438885
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
reference_id CVE-2017-2670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
10
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
fixed_packages
aliases CVE-2017-2670, GHSA-3x7h-5hfr-hvjm
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v45-vygq-eugz
2
url VCID-mqkk-a3w9-nkgc
vulnerability_id VCID-mqkk-a3w9-nkgc
summary wildfly: Arbitrary file read via path traversal
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2595.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2595.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2595
reference_id
reference_type
scores
0
value 0.01106
scoring_system epss
scoring_elements 0.78437
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2595
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1413028
reference_id 1413028
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1413028
3
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
4
reference_url https://access.redhat.com/errata/RHSA-2017:1551
reference_id RHSA-2017:1551
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1551
fixed_packages
aliases CVE-2017-2595
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqkk-a3w9-nkgc
3
url VCID-z7ap-d8n3-cfae
vulnerability_id VCID-z7ap-d8n3-cfae
summary 
Improper Input Validation
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1255.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-1255.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
2
reference_url https://access.redhat.com/errata/RHSA-2017:1253
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1253
3
reference_url https://access.redhat.com/errata/RHSA-2017:1254
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1254
4
reference_url https://access.redhat.com/errata/RHSA-2017:1256
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1256
5
reference_url https://access.redhat.com/errata/RHSA-2017:1260
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1260
6
reference_url https://access.redhat.com/errata/RHSA-2017:1410
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1410
7
reference_url https://access.redhat.com/errata/RHSA-2017:1411
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1411
8
reference_url https://access.redhat.com/errata/RHSA-2017:1412
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1412
9
reference_url https://access.redhat.com/errata/RHSA-2017:1675
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1675
10
reference_url https://access.redhat.com/errata/RHSA-2017:1676
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1676
11
reference_url https://access.redhat.com/errata/RHSA-2018:2909
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2909
12
reference_url https://access.redhat.com/errata/RHSA-2018:2913
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2913
13
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9606.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9606.json
14
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9606
reference_id
reference_type
scores
0
value 0.02263
scoring_system epss
scoring_elements 0.84927
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9606
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1400644
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1400644
16
reference_url https://github.com/resteasy/Resteasy
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/Resteasy
17
reference_url http://www.securityfocus.com/bid/94940
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94940
18
reference_url http://www.securitytracker.com/id/1038524
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038524
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851430
reference_id 851430
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851430
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9606
reference_id CVE-2016-9606
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9606
21
reference_url https://github.com/advisories/GHSA-hgjr-xwj3-jfvw
reference_id GHSA-hgjr-xwj3-jfvw
reference_type
scores
url https://github.com/advisories/GHSA-hgjr-xwj3-jfvw
22
reference_url https://access.redhat.com/errata/RHSA-2017:1255
reference_id RHSA-2017:1255
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1255
23
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
fixed_packages
aliases CVE-2016-9606, GHSA-hgjr-xwj3-jfvw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z7ap-d8n3-cfae
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-undertow@1.3.28-4.Final_redhat_4.1.ep7%3Farch=el7