Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/openjdk-6@6b18-1.8.13-0%2Bsqueeze2

Type deb

Namespace debian

Name openjdk-6

Version 6b18-1.8.13-0+squeeze2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6b38-1.13.10-1~deb7u1

Latest_non_vulnerable_version 6b38-1.13.10-1~deb7u1

Affected_by_vulnerabilities

url VCID-7gkv-pu79-43hx

vulnerability_id VCID-7gkv-pu79-43hx

summary

Security researcher Matthew Green reported a Diffie–Hellman
(DHE) key processing issue in Network Security Services (NSS) where a
man-in-the-middle (MITM) attacker can force a server to downgrade TLS
connections to 512-bit export-grade cryptography by modifying client
requests to include only export-grade cipher suites. The resulting
weak key can then be leveraged to impersonate the server. This attack
is detailed in the "Imperfect Forward
Secrecy: How Diffie-Hellman Fails in Practice" paper and is known as the
"Logjam Attack."This issue was fixed in NSS version 3.19.1 by limiting the lower strength of
supported DHE keys to use 1023 bit primes.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
reference_id	CVE-2015-4000
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-70

reference_id

mfsa2015-70

reference_type

scores

value	none
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-70

fixed_packages

url pkg:deb/debian/openjdk-6@6b36-1.13.8-1~deb7u1

purl pkg:deb/debian/openjdk-6@6b36-1.13.8-1~deb7u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81zk-xrsj-cufe

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-6@6b36-1.13.8-1~deb7u1

aliases CVE-2015-4000

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkv-pu79-43hx

url VCID-81zk-xrsj-cufe

vulnerability_id VCID-81zk-xrsj-cufe

summary

Security researcher Karthikeyan Bhargavan reported an issue
in Network Security Services (NSS) where MD5 signatures in the server signature within the
TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has
officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This
issues exposes NSS based clients such as Firefox to theoretical collision-based forgery
attacks. This issue was fixed in NSS version 3.20.2.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
reference_id	CVE-2015-7575
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-150

reference_id

mfsa2015-150

reference_type

scores

value	none
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-150

fixed_packages

url	pkg:deb/debian/openjdk-6@6b38-1.13.10-1~deb7u1
purl	pkg:deb/debian/openjdk-6@6b38-1.13.10-1~deb7u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-6@6b38-1.13.10-1~deb7u1

aliases CVE-2015-7575

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-6@6b18-1.8.13-0%252Bsqueeze2

Package Instance