Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-r6gj-vbqr-g7b7

Summary

Philip Mackenzie and Marius Schilder of Google informed us of Daniel Bleichenbacher's
recent presentation of a common implementation error in RSA signature verification,
a failure to account for extra data in the signature. For signatures with a small
exponent such as 3 it is possible for an attacker to calculate a value for this extra data to make an altered message appear to be correctly signed, allowing the signature to be forged.
Mozilla's Network Security Services (NSS) library was vulnerable to this flaw.Because the set of root Certificate Authorities that ship with Mozilla clients
contain some with an exponent of 3 it was possible to make up certificates,
such as SSL/TLS and email certificates, that were not detected as invalid.
This raised the possibility of the sort of Man-in-the-Middle attacks
SSL/TLS was invented to prevent.We thank Philip Mackenzie and Marius Schilder for bringing
this result to our attention and working with us to ensure the NSS library was
safe from variations on this basic attack.

Aliases

alias	CVE-2006-4339

Fixed_packages

url pkg:deb/debian/openssl@0.9.8c-4etch3%2Bm68k1

purl pkg:deb/debian/openssl@0.9.8c-4etch3%2Bm68k1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-249a-9kqa-p7an

vulnerability	VCID-3pke-7yer-87hz

vulnerability	VCID-4197-62g5-8ka3

vulnerability	VCID-448b-h78v-wfes

vulnerability	VCID-4pe4-89ss-57am

vulnerability	VCID-4wy2-zsz2-a3ew

vulnerability	VCID-7gkv-pu79-43hx

vulnerability	VCID-81zk-xrsj-cufe

vulnerability	VCID-8fae-zjwu-47gz

vulnerability	VCID-atus-ryef-17h1

vulnerability	VCID-d1w5-8ktx-cubx

vulnerability	VCID-dspw-qctj-jufk

vulnerability	VCID-e6jy-vxau-jfba

vulnerability	VCID-erdm-7pfg-e7hc

vulnerability	VCID-fb66-4fr3-xye7

vulnerability	VCID-fgmh-6g91-9qgv

vulnerability	VCID-g1bm-2aj1-kff9

vulnerability	VCID-k4k5-uhxu-gyc1

vulnerability	VCID-m4ms-vh59-ufbd

vulnerability	VCID-n1r2-zqmn-2ufh

vulnerability	VCID-rynq-d6tu-2ygg

vulnerability	VCID-uw52-vah8-uqda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0.9.8c-4etch3%252Bm68k1

Affected_packages

url pkg:deb/debian/openssl@0.9.6c-2.woody.7

purl pkg:deb/debian/openssl@0.9.6c-2.woody.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-249a-9kqa-p7an

vulnerability	VCID-3pke-7yer-87hz

vulnerability	VCID-4197-62g5-8ka3

vulnerability	VCID-448b-h78v-wfes

vulnerability	VCID-4pe4-89ss-57am

vulnerability	VCID-4wy2-zsz2-a3ew

vulnerability	VCID-7gkv-pu79-43hx

vulnerability	VCID-81zk-xrsj-cufe

vulnerability	VCID-8fae-zjwu-47gz

vulnerability	VCID-atus-ryef-17h1

vulnerability	VCID-d1w5-8ktx-cubx

vulnerability	VCID-dspw-qctj-jufk

vulnerability	VCID-e6jy-vxau-jfba

vulnerability	VCID-erdm-7pfg-e7hc

vulnerability	VCID-fb66-4fr3-xye7

vulnerability	VCID-fgmh-6g91-9qgv

vulnerability	VCID-g1bm-2aj1-kff9

vulnerability	VCID-k4k5-uhxu-gyc1

vulnerability	VCID-m4ms-vh59-ufbd

vulnerability	VCID-n1r2-zqmn-2ufh

vulnerability	VCID-r6gj-vbqr-g7b7

vulnerability	VCID-rynq-d6tu-2ygg

vulnerability	VCID-uw52-vah8-uqda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0.9.6c-2.woody.7

url pkg:deb/debian/openssl@0.9.7e-3sarge5

purl pkg:deb/debian/openssl@0.9.7e-3sarge5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-249a-9kqa-p7an

vulnerability	VCID-3pke-7yer-87hz

vulnerability	VCID-4197-62g5-8ka3

vulnerability	VCID-448b-h78v-wfes

vulnerability	VCID-4pe4-89ss-57am

vulnerability	VCID-4wy2-zsz2-a3ew

vulnerability	VCID-7gkv-pu79-43hx

vulnerability	VCID-81zk-xrsj-cufe

vulnerability	VCID-8fae-zjwu-47gz

vulnerability	VCID-atus-ryef-17h1

vulnerability	VCID-d1w5-8ktx-cubx

vulnerability	VCID-dspw-qctj-jufk

vulnerability	VCID-e6jy-vxau-jfba

vulnerability	VCID-erdm-7pfg-e7hc

vulnerability	VCID-fb66-4fr3-xye7

vulnerability	VCID-fgmh-6g91-9qgv

vulnerability	VCID-g1bm-2aj1-kff9

vulnerability	VCID-k4k5-uhxu-gyc1

vulnerability	VCID-m4ms-vh59-ufbd

vulnerability	VCID-n1r2-zqmn-2ufh

vulnerability	VCID-r6gj-vbqr-g7b7

vulnerability	VCID-rynq-d6tu-2ygg

vulnerability	VCID-uw52-vah8-uqda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0.9.7e-3sarge5

References

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
reference_id	CVE-2006-4339
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2006-60

reference_id

mfsa2006-60

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2006-60

Weaknesses

Exploits

Severity_range_score 9.0 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r6gj-vbqr-g7b7

Vulnerability Instance