Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-py4t-2k9m-1ff5
Summary
Denial of Service Attacks on Apache CXF
The streaming XML parser in this package remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of elements, attributes, nested constructs, and possibly other vectors.
Aliases
0
alias CVE-2013-2160
1
alias GHSA-254q-rp36-v2m8
Fixed_packages
0
url pkg:maven/org.apache.cxf/apache-cxf@2.5.10
purl pkg:maven/org.apache.cxf/apache-cxf@2.5.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@2.5.10
1
url pkg:maven/org.apache.cxf/apache-cxf@2.6.6-jbossorg-1
purl pkg:maven/org.apache.cxf/apache-cxf@2.6.6-jbossorg-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@2.6.6-jbossorg-1
2
url pkg:maven/org.apache.cxf/apache-cxf@2.7.4
purl pkg:maven/org.apache.cxf/apache-cxf@2.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@2.7.4
3
url pkg:maven/org.apache.cxf/cxf-api@2.5.10
purl pkg:maven/org.apache.cxf/cxf-api@2.5.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-api@2.5.10
4
url pkg:maven/org.apache.cxf/cxf-api@2.6.7
purl pkg:maven/org.apache.cxf/cxf-api@2.6.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-api@2.6.7
5
url pkg:maven/org.apache.cxf/cxf-api@2.7.4
purl pkg:maven/org.apache.cxf/cxf-api@2.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-api@2.7.4
6
url pkg:maven/org.apache.cxf/cxf-parent@2.5.10
purl pkg:maven/org.apache.cxf/cxf-parent@2.5.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-parent@2.5.10
7
url pkg:maven/org.apache.cxf/cxf-parent@2.6.7
purl pkg:maven/org.apache.cxf/cxf-parent@2.6.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-parent@2.6.7
8
url pkg:maven/org.apache.cxf/cxf-parent@2.7.4
purl pkg:maven/org.apache.cxf/cxf-parent@2.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-parent@2.7.4
9
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.10
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.10
10
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.7
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.7
11
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.4
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.4
Affected_packages
0
url pkg:maven/org.apache.cxf/apache-cxf@2.5
purl pkg:maven/org.apache.cxf/apache-cxf@2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@2.5
1
url pkg:maven/org.apache.cxf/apache-cxf@2.5.9
purl pkg:maven/org.apache.cxf/apache-cxf@2.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@2.5.9
2
url pkg:maven/org.apache.cxf/apache-cxf@2.6
purl pkg:maven/org.apache.cxf/apache-cxf@2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@2.6
3
url pkg:maven/org.apache.cxf/apache-cxf@2.6.6
purl pkg:maven/org.apache.cxf/apache-cxf@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@2.6.6
4
url pkg:maven/org.apache.cxf/apache-cxf@2.7
purl pkg:maven/org.apache.cxf/apache-cxf@2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@2.7
5
url pkg:maven/org.apache.cxf/apache-cxf@2.7.3
purl pkg:maven/org.apache.cxf/apache-cxf@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@2.7.3
6
url pkg:maven/org.apache.cxf/cxf-api@2.5-alpha0
purl pkg:maven/org.apache.cxf/cxf-api@2.5-alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnc9-jpuu-vfac
1
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-api@2.5-alpha0
7
url pkg:maven/org.apache.cxf/cxf-api@2.5.9
purl pkg:maven/org.apache.cxf/cxf-api@2.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-api@2.5.9
8
url pkg:maven/org.apache.cxf/cxf-api@2.6-alpha0
purl pkg:maven/org.apache.cxf/cxf-api@2.6-alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-api@2.6-alpha0
9
url pkg:maven/org.apache.cxf/cxf-api@2.6.6
purl pkg:maven/org.apache.cxf/cxf-api@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-api@2.6.6
10
url pkg:maven/org.apache.cxf/cxf-api@2.7-alpha0
purl pkg:maven/org.apache.cxf/cxf-api@2.7-alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-api@2.7-alpha0
11
url pkg:maven/org.apache.cxf/cxf-api@2.7.3
purl pkg:maven/org.apache.cxf/cxf-api@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-api@2.7.3
12
url pkg:maven/org.apache.cxf/cxf-parent@2.5-alpha0
purl pkg:maven/org.apache.cxf/cxf-parent@2.5-alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-parent@2.5-alpha0
13
url pkg:maven/org.apache.cxf/cxf-parent@2.5.9
purl pkg:maven/org.apache.cxf/cxf-parent@2.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-parent@2.5.9
14
url pkg:maven/org.apache.cxf/cxf-parent@2.6-alpha0
purl pkg:maven/org.apache.cxf/cxf-parent@2.6-alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-parent@2.6-alpha0
15
url pkg:maven/org.apache.cxf/cxf-parent@2.6.6
purl pkg:maven/org.apache.cxf/cxf-parent@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-parent@2.6.6
16
url pkg:maven/org.apache.cxf/cxf-parent@2.7-alpha0
purl pkg:maven/org.apache.cxf/cxf-parent@2.7-alpha0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-parent@2.7-alpha0
17
url pkg:maven/org.apache.cxf/cxf-parent@2.7.3
purl pkg:maven/org.apache.cxf/cxf-parent@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-parent@2.7.3
18
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.0
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.0
19
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.0
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cppb-xhj5-a7ep
1
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.0
20
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.0
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bc6q-5xj6-8bcp
1
vulnerability VCID-cppb-xhj5-a7ep
2
vulnerability VCID-py4t-2k9m-1ff5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.0
References
0
reference_url http://jira.codehaus.org/browse/WSTX-285
reference_id
reference_type
scores
url http://jira.codehaus.org/browse/WSTX-285
1
reference_url http://jira.codehaus.org/browse/WSTX-287
reference_id
reference_type
scores
url http://jira.codehaus.org/browse/WSTX-287
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-1028.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-1028.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1437.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-1437.html
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=929197
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=929197
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2160
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2160
6
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2160
reference_id CVE-2013-2160
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-2160
13
reference_url http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
reference_id CVE-2013-2160.TXT.ASC
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
14
reference_url https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
reference_id CVE-2013-2160.TXT.ASC
reference_type
scores
url https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
15
reference_url https://github.com/advisories/GHSA-254q-rp36-v2m8
reference_id GHSA-254q-rp36-v2m8
reference_type
scores
url https://github.com/advisories/GHSA-254q-rp36-v2m8
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 399
name Resource Management Errors
description Weaknesses in this category are related to improper management of system resources.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-py4t-2k9m-1ff5