Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/56896?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/56896?format=api", "purl": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.2.5", "type": "maven", "namespace": "org.apache.cxf", "name": "cxf-rt-transports-http", "version": "3.2.5", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.5.10", "latest_non_vulnerable_version": "3.2.5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40032?format=api", "vulnerability_id": "VCID-bfaf-hqw5-13fd", "summary": "Improper Handling of Exceptional Conditions\nIt is possible to configure Apache CXF to use the `com.sun.net.ssl` implementation via `System.setProperty`. When this system property is set, CXF uses some reflection to try to make the `HostnameVerifier` work with the old `com.sun.net.ssl.HostnameVerifier` interface. However, the default `HostnameVerifier` implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the `com.sun.net.ssl` stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2279", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2643", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3817" }, { "reference_url": "https://github.com/apache/cxf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/cxf" }, { "reference_url": "https://github.com/apache/cxf/commit/8ed6208f987ff72e4c4d2cf8a6b1ec9b27575d4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/cxf/commit/8ed6208f987ff72e4c4d2cf8a6b1ec9b27575d4" }, { "reference_url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" }, { "reference_url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.securitytracker.com/id/1041199", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041199" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039", "reference_id": "CVE-2018-8039", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8039" }, { "reference_url": "https://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc", "reference_id": "CVE-2018-8039.TXT.ASC", "reference_type": "", "scores": [], "url": "https://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc" }, { "reference_url": "https://github.com/advisories/GHSA-jc7r-v6fg-2gpf", "reference_id": "GHSA-jc7r-v6fg-2gpf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jc7r-v6fg-2gpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56897?format=api", "purl": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/56896?format=api", "purl": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.2.5" } ], "aliases": [ "CVE-2018-8039", "GHSA-jc7r-v6fg-2gpf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bfaf-hqw5-13fd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.2.5" }