Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.0
Typemaven
Namespaceorg.apache.cxf
Namecxf-rt-ws-security
Version3.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.1.11
Latest_non_vulnerable_version3.1.11
Affected_by_vulnerabilities
0
url VCID-hbak-tuxz-83e4
vulnerability_id VCID-hbak-tuxz-83e4
summary 
Session Fixation
Apache CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1832
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1832
1
reference_url https://access.redhat.com/errata/RHSA-2018:1694
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1694
2
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
8
reference_url http://www.securityfocus.com/bid/97971
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97971
9
reference_url http://www.securitytracker.com/id/1038282
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1038282
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5656
reference_id CVE-2017-5656
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5656
11
reference_url http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc?version=1&modificationDate=1492515113282&api=v2
reference_id CVE-2017-5656.TXT.ASC?VERSION=1&MODIFICATIONDATE=1492515113282&API=V2
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc?version=1&modificationDate=1492515113282&api=v2
12
reference_url https://github.com/advisories/GHSA-v936-x3j5-c76j
reference_id GHSA-v936-x3j5-c76j
reference_type
scores
url https://github.com/advisories/GHSA-v936-x3j5-c76j
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.11
purl pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.11
aliases CVE-2017-5656, GHSA-v936-x3j5-c76j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbak-tuxz-83e4
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.0