Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.hive/hive@1.0.1
Typemaven
Namespaceorg.apache.hive
Namehive
Version1.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.2
Latest_non_vulnerable_version3.1.1
Affected_by_vulnerabilities
0
url VCID-me8z-qek2-wfgn
vulnerability_id VCID-me8z-qek2-wfgn
summary 
Improper Certificate Validation
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.
references
0
reference_url https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E
1
reference_url http://www.securityfocus.com/bid/98669
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98669
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3083
reference_id CVE-2016-3083
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3083
3
reference_url https://github.com/advisories/GHSA-gf2v-9hp6-44qg
reference_id GHSA-gf2v-9hp6-44qg
reference_type
scores
url https://github.com/advisories/GHSA-gf2v-9hp6-44qg
fixed_packages
0
url pkg:maven/org.apache.hive/hive@1.2.2
purl pkg:maven/org.apache.hive/hive@1.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.2
aliases CVE-2016-3083, GHSA-gf2v-9hp6-44qg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-me8z-qek2-wfgn
Fixing_vulnerabilities
0
url VCID-6ppt-m2fe-1uge
vulnerability_id VCID-6ppt-m2fe-1uge
summary 
Improper Authentication
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.
references
0
reference_url http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E
reference_id
reference_type
scores
url http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E
1
reference_url https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
reference_id
reference_type
scores
url https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
2
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21969546
reference_id
reference_type
scores
url http://www-01.ibm.com/support/docview.wss?uid=swg21969546
3
reference_url http://www.securitytracker.com/id/1034365
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1034365
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1772
reference_id CVE-2015-1772
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-1772
5
reference_url https://github.com/advisories/GHSA-5gvm-hrw5-h6xf
reference_id GHSA-5gvm-hrw5-h6xf
reference_type
scores
url https://github.com/advisories/GHSA-5gvm-hrw5-h6xf
fixed_packages
0
url pkg:maven/org.apache.hive/hive@1.0.1
purl pkg:maven/org.apache.hive/hive@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-me8z-qek2-wfgn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.0.1
1
url pkg:maven/org.apache.hive/hive@1.1.1
purl pkg:maven/org.apache.hive/hive@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-me8z-qek2-wfgn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.1.1
aliases CVE-2015-1772, GHSA-5gvm-hrw5-h6xf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ppt-m2fe-1uge
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.0.1