Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.undertow/undertow-core@1.4.0
Type maven
Namespace io.undertow
Name undertow-core
Version 1.4.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.4.17
Latest_non_vulnerable_version 2.4.0.Beta1
Affected_by_vulnerabilities
0
url VCID-387y-knja-ukh8
vulnerability_id VCID-387y-knja-ukh8
summary
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2666
reference_id
reference_type
scores
0
value 0.01394
scoring_system epss
scoring_elements 0.8072
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2666
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
4
reference_url https://github.com/advisories/GHSA-mcfm-h73v-635m
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mcfm-h73v-635m
5
reference_url http://www.securityfocus.com/bid/98966
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98966
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1436163
reference_id 1436163
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1436163
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2666
reference_id CVE-2017-2666
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2666
9
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.17.Final
purl pkg:maven/io.undertow/undertow-core@1.4.17.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-387y-knja-ukh8
1
vulnerability VCID-4gjh-hhzw-jyda
2
vulnerability VCID-4qfb-8hen-qkc7
3
vulnerability VCID-4zav-auak-8qbu
4
vulnerability VCID-63qx-1wuv-qufb
5
vulnerability VCID-641y-uckh-gfen
6
vulnerability VCID-kkn4-9xex-fyb7
7
vulnerability VCID-qbnn-jmjd-qqbx
8
vulnerability VCID-rxsj-32jz-wugq
9
vulnerability VCID-uenh-qgna-t7c4
10
vulnerability VCID-w6r9-g7sc-y3ed
11
vulnerability VCID-wncj-73h2-y3cw
12
vulnerability VCID-xdmu-mgga-xuf2
13
vulnerability VCID-yaw7-jmu3-qyeb
14
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final
1
url pkg:maven/io.undertow/undertow-core@1.4.17
purl pkg:maven/io.undertow/undertow-core@1.4.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17
2
url pkg:maven/io.undertow/undertow-core@2.0.0
purl pkg:maven/io.undertow/undertow-core@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-me9g-1s7c-m7cw
1
vulnerability VCID-pkzf-4u9a-c3hq
2
vulnerability VCID-xdmu-mgga-xuf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0
3
url pkg:maven/io.undertow/undertow-core@2.0.0.Final
purl pkg:maven/io.undertow/undertow-core@2.0.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gjh-hhzw-jyda
1
vulnerability VCID-4qfb-8hen-qkc7
2
vulnerability VCID-4zav-auak-8qbu
3
vulnerability VCID-63qx-1wuv-qufb
4
vulnerability VCID-641y-uckh-gfen
5
vulnerability VCID-kkn4-9xex-fyb7
6
vulnerability VCID-me9g-1s7c-m7cw
7
vulnerability VCID-pkzf-4u9a-c3hq
8
vulnerability VCID-qbnn-jmjd-qqbx
9
vulnerability VCID-rxsj-32jz-wugq
10
vulnerability VCID-uenh-qgna-t7c4
11
vulnerability VCID-vwcx-hrtg-pygs
12
vulnerability VCID-w6r9-g7sc-y3ed
13
vulnerability VCID-xdmu-mgga-xuf2
14
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Final
aliases CVE-2017-2666, GHSA-mcfm-h73v-635m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-387y-knja-ukh8
1
url VCID-pkzf-4u9a-c3hq
vulnerability_id VCID-pkzf-4u9a-c3hq
summary
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Invalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7559
reference_id
reference_type
scores
0
value 0.01128
scoring_system epss
scoring_elements 0.78644
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7559
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://issues.jboss.org/browse/UNDERTOW-1251
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1251
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1481665
reference_id 1481665
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1481665
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576
reference_id 885576
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7559
reference_id CVE-2017-7559
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7559
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.17.Final
purl pkg:maven/io.undertow/undertow-core@1.4.17.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-387y-knja-ukh8
1
vulnerability VCID-4gjh-hhzw-jyda
2
vulnerability VCID-4qfb-8hen-qkc7
3
vulnerability VCID-4zav-auak-8qbu
4
vulnerability VCID-63qx-1wuv-qufb
5
vulnerability VCID-641y-uckh-gfen
6
vulnerability VCID-kkn4-9xex-fyb7
7
vulnerability VCID-qbnn-jmjd-qqbx
8
vulnerability VCID-rxsj-32jz-wugq
9
vulnerability VCID-uenh-qgna-t7c4
10
vulnerability VCID-w6r9-g7sc-y3ed
11
vulnerability VCID-wncj-73h2-y3cw
12
vulnerability VCID-xdmu-mgga-xuf2
13
vulnerability VCID-yaw7-jmu3-qyeb
14
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2
purl pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2
2
url pkg:maven/io.undertow/undertow-core@2.0.1.Final
purl pkg:maven/io.undertow/undertow-core@2.0.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gjh-hhzw-jyda
1
vulnerability VCID-4qfb-8hen-qkc7
2
vulnerability VCID-4zav-auak-8qbu
3
vulnerability VCID-63qx-1wuv-qufb
4
vulnerability VCID-641y-uckh-gfen
5
vulnerability VCID-kkn4-9xex-fyb7
6
vulnerability VCID-qbnn-jmjd-qqbx
7
vulnerability VCID-rxsj-32jz-wugq
8
vulnerability VCID-uenh-qgna-t7c4
9
vulnerability VCID-w6r9-g7sc-y3ed
10
vulnerability VCID-xdmu-mgga-xuf2
11
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final
aliases CVE-2017-7559, GHSA-rj76-h87p-r3wf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkzf-4u9a-c3hq
2
url VCID-vwcx-hrtg-pygs
vulnerability_id VCID-vwcx-hrtg-pygs
summary
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered that Undertow processes HTTP request headers with unusual whitespace, which can make HTTP request smuggling possible.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12165
reference_id
reference_type
scores
0
value 0.01096
scoring_system epss
scoring_elements 0.78343
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12165
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
5
reference_url https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
6
reference_url https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
7
reference_url https://issues.redhat.com/browse/UNDERTOW-1251
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1251
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1490301
reference_id 1490301
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1490301
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
reference_id 885338
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12165
reference_id CVE-2017-12165
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12165
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.17.Final
purl pkg:maven/io.undertow/undertow-core@1.4.17.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-387y-knja-ukh8
1
vulnerability VCID-4gjh-hhzw-jyda
2
vulnerability VCID-4qfb-8hen-qkc7
3
vulnerability VCID-4zav-auak-8qbu
4
vulnerability VCID-63qx-1wuv-qufb
5
vulnerability VCID-641y-uckh-gfen
6
vulnerability VCID-kkn4-9xex-fyb7
7
vulnerability VCID-qbnn-jmjd-qqbx
8
vulnerability VCID-rxsj-32jz-wugq
9
vulnerability VCID-uenh-qgna-t7c4
10
vulnerability VCID-w6r9-g7sc-y3ed
11
vulnerability VCID-wncj-73h2-y3cw
12
vulnerability VCID-xdmu-mgga-xuf2
13
vulnerability VCID-yaw7-jmu3-qyeb
14
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final
1
url pkg:maven/io.undertow/undertow-core@1.4.17
purl pkg:maven/io.undertow/undertow-core@1.4.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17
2
url pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
purl pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-387y-knja-ukh8
1
vulnerability VCID-4gjh-hhzw-jyda
2
vulnerability VCID-4qfb-8hen-qkc7
3
vulnerability VCID-4zav-auak-8qbu
4
vulnerability VCID-63qx-1wuv-qufb
5
vulnerability VCID-641y-uckh-gfen
6
vulnerability VCID-kkn4-9xex-fyb7
7
vulnerability VCID-me9g-1s7c-m7cw
8
vulnerability VCID-qbnn-jmjd-qqbx
9
vulnerability VCID-rxsj-32jz-wugq
10
vulnerability VCID-uenh-qgna-t7c4
11
vulnerability VCID-w6r9-g7sc-y3ed
12
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
3
url pkg:maven/io.undertow/undertow-core@2.0.1.Final
purl pkg:maven/io.undertow/undertow-core@2.0.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gjh-hhzw-jyda
1
vulnerability VCID-4qfb-8hen-qkc7
2
vulnerability VCID-4zav-auak-8qbu
3
vulnerability VCID-63qx-1wuv-qufb
4
vulnerability VCID-641y-uckh-gfen
5
vulnerability VCID-kkn4-9xex-fyb7
6
vulnerability VCID-qbnn-jmjd-qqbx
7
vulnerability VCID-rxsj-32jz-wugq
8
vulnerability VCID-uenh-qgna-t7c4
9
vulnerability VCID-w6r9-g7sc-y3ed
10
vulnerability VCID-xdmu-mgga-xuf2
11
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final
aliases CVE-2017-12165, GHSA-5gg7-5wv8-4gcj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwcx-hrtg-pygs
Fixing_vulnerabilities
0
url VCID-me9g-1s7c-m7cw
vulnerability_id VCID-me9g-1s7c-m7cw
summary
Improper Neutralization of CRLF Sequences in HTTP Headers
CRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-1838.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1838.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1839.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1839.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1840.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1840.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1841.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1841.html
4
reference_url https://access.redhat.com/errata/RHSA-2017:3454
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3454
5
reference_url https://access.redhat.com/errata/RHSA-2017:3455
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3455
6
reference_url https://access.redhat.com/errata/RHSA-2017:3456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3456
7
reference_url https://access.redhat.com/errata/RHSA-2017:3458
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3458
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4993
reference_id
reference_type
scores
0
value 0.01476
scoring_system epss
scoring_elements 0.81297
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4993
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1344321
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1344321
11
reference_url https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12
12
reference_url https://issues.redhat.com/browse/UNDERTOW-827
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-827
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4993
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4993
14
reference_url https://access.redhat.com/security/cve/CVE-2016-4993
reference_id CVE-2016-4993
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2016-4993
15
reference_url https://access.redhat.com/errata/RHSA-2016:1838
reference_id RHSA-2016:1838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1838
16
reference_url https://access.redhat.com/errata/RHSA-2016:1839
reference_id RHSA-2016:1839
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1839
17
reference_url https://access.redhat.com/errata/RHSA-2016:1840
reference_id RHSA-2016:1840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1840
18
reference_url https://access.redhat.com/errata/RHSA-2016:1841
reference_id RHSA-2016:1841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1841
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.3.5.Final
purl pkg:maven/io.undertow/undertow-core@1.3.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-387y-knja-ukh8
1
vulnerability VCID-4gjh-hhzw-jyda
2
vulnerability VCID-4qfb-8hen-qkc7
3
vulnerability VCID-4zav-auak-8qbu
4
vulnerability VCID-63qx-1wuv-qufb
5
vulnerability VCID-641y-uckh-gfen
6
vulnerability VCID-9gv3-ujz4-4fau
7
vulnerability VCID-9v45-vygq-eugz
8
vulnerability VCID-kkn4-9xex-fyb7
9
vulnerability VCID-pkzf-4u9a-c3hq
10
vulnerability VCID-qbnn-jmjd-qqbx
11
vulnerability VCID-rxsj-32jz-wugq
12
vulnerability VCID-uenh-qgna-t7c4
13
vulnerability VCID-vwcx-hrtg-pygs
14
vulnerability VCID-w6r9-g7sc-y3ed
15
vulnerability VCID-wncj-73h2-y3cw
16
vulnerability VCID-xdmu-mgga-xuf2
17
vulnerability VCID-yaw7-jmu3-qyeb
18
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.5.Final
1
url pkg:maven/io.undertow/undertow-core@1.4.0
purl pkg:maven/io.undertow/undertow-core@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-387y-knja-ukh8
1
vulnerability VCID-pkzf-4u9a-c3hq
2
vulnerability VCID-vwcx-hrtg-pygs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.0
2
url pkg:maven/io.undertow/undertow-core@2.0.1
purl pkg:maven/io.undertow/undertow-core@2.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1
3
url pkg:maven/io.undertow/undertow-core@2.0.1.Final
purl pkg:maven/io.undertow/undertow-core@2.0.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gjh-hhzw-jyda
1
vulnerability VCID-4qfb-8hen-qkc7
2
vulnerability VCID-4zav-auak-8qbu
3
vulnerability VCID-63qx-1wuv-qufb
4
vulnerability VCID-641y-uckh-gfen
5
vulnerability VCID-kkn4-9xex-fyb7
6
vulnerability VCID-qbnn-jmjd-qqbx
7
vulnerability VCID-rxsj-32jz-wugq
8
vulnerability VCID-uenh-qgna-t7c4
9
vulnerability VCID-w6r9-g7sc-y3ed
10
vulnerability VCID-xdmu-mgga-xuf2
11
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final
aliases CVE-2016-4993, GHSA-qcqr-hcjq-whfq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-me9g-1s7c-m7cw
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.0