Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.undertow/undertow-core@2.0.2

Type maven

Namespace io.undertow

Name undertow-core

Version 2.0.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.0.5

Latest_non_vulnerable_version 2.4.0.Beta1

Affected_by_vulnerabilities

url VCID-yaw7-jmu3-qyeb

vulnerability_id VCID-yaw7-jmu3-qyeb

summary

Incorrect Authorization
When using `Digest` authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:0478

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0478

reference_url

https://access.redhat.com/errata/RHSA-2018:0479

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0479

reference_url

https://access.redhat.com/errata/RHSA-2018:0480

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0480

reference_url

https://access.redhat.com/errata/RHSA-2018:0481

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0481

reference_url

https://access.redhat.com/errata/RHSA-2018:1525

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1525

reference_url

https://access.redhat.com/errata/RHSA-2018:2405

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2405

reference_url

https://access.redhat.com/errata/RHSA-2018:3768

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3768

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12196

reference_id

reference_type

scores

value	0.00531
scoring_system	epss
scoring_elements	0.67612
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12196

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196

reference_url

https://github.com/undertow-io/undertow

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow

reference_url	https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
reference_id
reference_type
scores
url	https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f

reference_url

https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870

reference_url

https://issues.jboss.org/browse/UNDERTOW-1190

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/UNDERTOW-1190

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1503055
reference_id	1503055
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1503055

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12196

reference_id

CVE-2017-12196

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12196

reference_url	https://access.redhat.com/errata/RHSA-2020:2561
reference_id	RHSA-2020:2561
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2561

reference_url	https://access.redhat.com/errata/RHSA-2020:2562
reference_id	RHSA-2020:2562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2562

fixed_packages

url pkg:maven/io.undertow/undertow-core@2.0.3.Final

purl pkg:maven/io.undertow/undertow-core@2.0.3.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gjh-hhzw-jyda

vulnerability	VCID-4qfb-8hen-qkc7

vulnerability	VCID-4zav-auak-8qbu

vulnerability	VCID-63qx-1wuv-qufb

vulnerability	VCID-641y-uckh-gfen

vulnerability	VCID-kkn4-9xex-fyb7

vulnerability	VCID-qbnn-jmjd-qqbx

vulnerability	VCID-rxsj-32jz-wugq

vulnerability	VCID-uenh-qgna-t7c4

vulnerability	VCID-w6r9-g7sc-y3ed

vulnerability	VCID-xdmu-mgga-xuf2

vulnerability	VCID-zhjh-bx17-pkdc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.3.Final

aliases CVE-2017-12196, GHSA-cp7v-vmv7-6x2q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yaw7-jmu3-qyeb

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.2

Package Instance