Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.undertow/undertow-core@1.0.0

Type maven

Namespace io.undertow

Name undertow-core

Version 1.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.0.17.Final

Latest_non_vulnerable_version 2.4.0.Beta1

Affected_by_vulnerabilities

url VCID-vwcx-hrtg-pygs

vulnerability_id VCID-vwcx-hrtg-pygs

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165

reference_url

https://github.com/undertow-io/undertow

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow

reference_url

https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f

reference_url

https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f

reference_url

https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc

reference_url

https://issues.redhat.com/browse/UNDERTOW-1251

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/UNDERTOW-1251

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1490301
reference_id	1490301
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1490301

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
reference_id	885338
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12165

reference_id

CVE-2017-12165

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12165

fixed_packages

url	pkg:maven/io.undertow/undertow-core@1.3.31
purl	pkg:maven/io.undertow/undertow-core@1.3.31
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31

url	pkg:maven/io.undertow/undertow-core@1.4.17
purl	pkg:maven/io.undertow/undertow-core@1.4.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17

url	pkg:maven/io.undertow/undertow-core@1.3.31.Final
purl	pkg:maven/io.undertow/undertow-core@1.3.31.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final

url	pkg:maven/io.undertow/undertow-core@1.4.17.Final
purl	pkg:maven/io.undertow/undertow-core@1.4.17.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final

url	pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
purl	pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1

url	pkg:maven/io.undertow/undertow-core@2.0.1.Final
purl	pkg:maven/io.undertow/undertow-core@2.0.1.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final

aliases CVE-2017-12165, GHSA-5gg7-5wv8-4gcj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwcx-hrtg-pygs

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.0.0

Package Instance