Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.eclipse.kura/kura@2.1.0
Type maven
Namespace org.eclipse.kura
Name kura
Version 2.1.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 4.1.0
Latest_non_vulnerable_version 4.1.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-zkpr-21zk-f3a5
vulnerability_id VCID-zkpr-21zk-f3a5
summary
Improper Authentication
Kura takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. The Equinox console port is left open, allowing login to Kura without any user credentials over unencrypted telnet and execution of commands using the Equinox `exec` command. As the process is running as `root`, full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigning a MAC-address-based IPv6 address.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7649
reference_id CVE-2017-7649
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7649
fixed_packages
0
url pkg:maven/org.eclipse.kura/kura@2.1.0
purl pkg:maven/org.eclipse.kura/kura@2.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.kura/kura@2.1.0
aliases CVE-2017-7649
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkpr-21zk-f3a5
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.kura/kura@2.1.0