GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/3134?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3134?format=api",
    "vulnerability_id": "VCID-1j51-1nhr-53fd",
    "summary": "iDefense \nhas informed Mozilla about two potential buffer overflow\nvulnerabilities found by researcher regenrecht\nin the Network Security Services (NSS) code for processing \nthe SSLv2 protocol.SSL clients such as Firefox and Thunderbird can suffer\na buffer overflow if a malicious server presents a certificate\nwith a public key that is too small to encrypt the entire\n\"Master Secret\". Exploiting this overflow appears to be\nunreliable but possible if the SSLv2 protocol is enabled.Servers that use NSS \nfor the SSLv2 protocol can be exploited by\na client that presents a \"Client Master Key\" with invalid length\nvalues in any of several fields that are used without adequate\nerror checking. This can lead to a buffer overflow that\npresumably could be exploitable.Support for SSLv2 is disabled in Firefox 2 due to other known\nweaknesses in the protocol; Firefox 2 is not vulnerable unless\nthe user has modified hidden internal NSS settings to\nre-enable SSLv2 support.",
    "aliases": [
        {
            "alias": "CVE-2007-0008"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1268?format=api",
            "purl": "pkg:mozilla/NSS@3.11.5",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/NSS@3.11.5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1265?format=api",
            "purl": "pkg:mozilla/SeaMonkey@1.0.8",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.8"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008",
            "reference_id": "CVE-2007-0008",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-06",
            "reference_id": "mfsa2007-06",
            "reference_type": "",
            "scores": [
                {
                    "value": "critical",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-06"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1j51-1nhr-53fd"
}