Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-d4q7-af81-tfh3
Summary
Security researcher Gregory Fleischer demonstrated a
problem with the HTTP Referer: (sic) header sent with requests
to URLs containing Basic Authentication credentials with empty usernames.
In these cases a number of leading characters, based on the length of the
password in the URL, are removed from the referrer hostname. Fleischer
pointed out that websites which only check the Referer: header
to protect against Cross-Site Request Forgery (CSRF) could be attacked using
this flaw. This concept was based on and expanded from a post to the
sla.ckers.org forum by security researcher RSnake.
Aliases
0
alias CVE-2008-1238
Fixed_packages
0
url pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14
purl pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14
1
url pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.0.0.14
purl pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.0.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.0.0.14
2
url pkg:ebuild/net-libs/xulrunner@1.1.9
purl pkg:ebuild/net-libs/xulrunner@1.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner@1.1.9
3
url pkg:ebuild/net-libs/xulrunner@1.1.9-r1
purl pkg:ebuild/net-libs/xulrunner@1.1.9-r1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner@1.1.9-r1
4
url pkg:ebuild/net-libs/xulrunner@1.8.1.14
purl pkg:ebuild/net-libs/xulrunner@1.8.1.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner@1.8.1.14
5
url pkg:ebuild/net-libs/xulrunner@2.0.0.14
purl pkg:ebuild/net-libs/xulrunner@2.0.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner@2.0.0.14
6
url pkg:ebuild/www-client/mozilla-firefox@2.0.0.14
purl pkg:ebuild/www-client/mozilla-firefox@2.0.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox@2.0.0.14
7
url pkg:ebuild/www-client/mozilla-firefox-bin@2.0.0.14
purl pkg:ebuild/www-client/mozilla-firefox-bin@2.0.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.0.0.14
8
url pkg:ebuild/www-client/seamonkey@1.1.9-r1
purl pkg:ebuild/www-client/seamonkey@1.1.9-r1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@1.1.9-r1
9
url pkg:ebuild/www-client/seamonkey@2.0.0.14
purl pkg:ebuild/www-client/seamonkey@2.0.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@2.0.0.14
10
url pkg:ebuild/www-client/seamonkey-bin@1.1.9
purl pkg:ebuild/www-client/seamonkey-bin@1.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@1.1.9
11
url pkg:ebuild/www-client/seamonkey-bin@1.1.9-r1
purl pkg:ebuild/www-client/seamonkey-bin@1.1.9-r1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@1.1.9-r1
12
url pkg:ebuild/www-client/seamonkey-bin@2.0.0.14
purl pkg:ebuild/www-client/seamonkey-bin@2.0.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@2.0.0.14
13
url pkg:mozilla/SeaMonkey@1.1.9
purl pkg:mozilla/SeaMonkey@1.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.9
Affected_packages
0
url pkg:rpm/redhat/firefox@1.5.0.12-0.14?arch=el4
purl pkg:rpm/redhat/firefox@1.5.0.12-0.14?arch=el4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uca-wctd-xqc6
1
vulnerability VCID-4awt-7sff-v3dk
2
vulnerability VCID-au5q-x3zh-ruh5
3
vulnerability VCID-axac-sm5g-5bec
4
vulnerability VCID-d4q7-af81-tfh3
5
vulnerability VCID-jedz-rd4u-6fe3
6
vulnerability VCID-vtag-6v5p-yfb8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@1.5.0.12-0.14%3Farch=el4
1
url pkg:rpm/redhat/firefox@1.5.0.12-14?arch=el5_1
purl pkg:rpm/redhat/firefox@1.5.0.12-14?arch=el5_1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uca-wctd-xqc6
1
vulnerability VCID-4awt-7sff-v3dk
2
vulnerability VCID-au5q-x3zh-ruh5
3
vulnerability VCID-axac-sm5g-5bec
4
vulnerability VCID-d4q7-af81-tfh3
5
vulnerability VCID-jedz-rd4u-6fe3
6
vulnerability VCID-vtag-6v5p-yfb8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@1.5.0.12-14%3Farch=el5_1
2
url pkg:rpm/redhat/seamonkey@1.0.9-0.14?arch=el2
purl pkg:rpm/redhat/seamonkey@1.0.9-0.14?arch=el2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uca-wctd-xqc6
1
vulnerability VCID-4awt-7sff-v3dk
2
vulnerability VCID-au5q-x3zh-ruh5
3
vulnerability VCID-axac-sm5g-5bec
4
vulnerability VCID-d4q7-af81-tfh3
5
vulnerability VCID-frxr-esg5-ryd7
6
vulnerability VCID-jedz-rd4u-6fe3
7
vulnerability VCID-vtag-6v5p-yfb8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/seamonkey@1.0.9-0.14%3Farch=el2
3
url pkg:rpm/redhat/seamonkey@1.0.9-0.16?arch=el3
purl pkg:rpm/redhat/seamonkey@1.0.9-0.16?arch=el3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uca-wctd-xqc6
1
vulnerability VCID-4awt-7sff-v3dk
2
vulnerability VCID-au5q-x3zh-ruh5
3
vulnerability VCID-axac-sm5g-5bec
4
vulnerability VCID-d4q7-af81-tfh3
5
vulnerability VCID-frxr-esg5-ryd7
6
vulnerability VCID-jedz-rd4u-6fe3
7
vulnerability VCID-vtag-6v5p-yfb8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/seamonkey@1.0.9-0.16%3Farch=el3
4
url pkg:rpm/redhat/seamonkey@1.0.9-15?arch=el4
purl pkg:rpm/redhat/seamonkey@1.0.9-15?arch=el4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uca-wctd-xqc6
1
vulnerability VCID-4awt-7sff-v3dk
2
vulnerability VCID-au5q-x3zh-ruh5
3
vulnerability VCID-axac-sm5g-5bec
4
vulnerability VCID-d4q7-af81-tfh3
5
vulnerability VCID-frxr-esg5-ryd7
6
vulnerability VCID-jedz-rd4u-6fe3
7
vulnerability VCID-vtag-6v5p-yfb8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/seamonkey@1.0.9-15%3Farch=el4
5
url pkg:rpm/redhat/thunderbird@1.5.0.12-10?arch=el4
purl pkg:rpm/redhat/thunderbird@1.5.0.12-10?arch=el4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uca-wctd-xqc6
1
vulnerability VCID-4awt-7sff-v3dk
2
vulnerability VCID-au5q-x3zh-ruh5
3
vulnerability VCID-axac-sm5g-5bec
4
vulnerability VCID-d4q7-af81-tfh3
5
vulnerability VCID-jedz-rd4u-6fe3
6
vulnerability VCID-vtag-6v5p-yfb8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@1.5.0.12-10%3Farch=el4
6
url pkg:rpm/redhat/thunderbird@1.5.0.12-11?arch=el5_1
purl pkg:rpm/redhat/thunderbird@1.5.0.12-11?arch=el5_1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uca-wctd-xqc6
1
vulnerability VCID-4awt-7sff-v3dk
2
vulnerability VCID-au5q-x3zh-ruh5
3
vulnerability VCID-axac-sm5g-5bec
4
vulnerability VCID-d4q7-af81-tfh3
5
vulnerability VCID-jedz-rd4u-6fe3
6
vulnerability VCID-vtag-6v5p-yfb8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@1.5.0.12-11%3Farch=el5_1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1238.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1238.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1238
reference_id
reference_type
scores
0
value 0.07189
scoring_system epss
scoring_elements 0.91736
published_at 2026-06-04T12:55:00Z
1
value 0.07189
scoring_system epss
scoring_elements 0.91748
published_at 2026-06-05T12:55:00Z
2
value 0.07189
scoring_system epss
scoring_elements 0.9175
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1238
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=438724
reference_id 438724
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=438724
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238
reference_id CVE-2008-1238
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238
4
reference_url https://security.gentoo.org/glsa/200805-18
reference_id GLSA-200805-18
reference_type
scores
url https://security.gentoo.org/glsa/200805-18
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2008-16
reference_id mfsa2008-16
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2008-16
6
reference_url https://access.redhat.com/errata/RHSA-2008:0207
reference_id RHSA-2008:0207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0207
7
reference_url https://access.redhat.com/errata/RHSA-2008:0208
reference_id RHSA-2008:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0208
8
reference_url https://access.redhat.com/errata/RHSA-2008:0209
reference_id RHSA-2008:0209
reference_type
scores
url https://access.redhat.com/errata/RHSA-2008:0209
9
reference_url https://usn.ubuntu.com/592-1/
reference_id USN-592-1
reference_type
scores
url https://usn.ubuntu.com/592-1/
Weaknesses
Exploits
Severity_range_scorenull
Exploitability0.5
Weighted_severity0.1
Risk_score0.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-d4q7-af81-tfh3