Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-me8z-qek2-wfgn

Summary

Improper Certificate Validation
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.

Aliases

alias	CVE-2016-3083

alias	GHSA-gf2v-9hp6-44qg

Fixed_packages

url	pkg:maven/org.apache.hive/hive@1.2.2
purl	pkg:maven/org.apache.hive/hive@1.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.2

url	pkg:maven/org.apache.hive/hive-exec@1.2.2
purl	pkg:maven/org.apache.hive/hive-exec@1.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.2.2

url	pkg:maven/org.apache.hive/hive-exec@2.0.1
purl	pkg:maven/org.apache.hive/hive-exec@2.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@2.0.1

url	pkg:maven/org.apache.hive/hive-jdbc@1.2.2
purl	pkg:maven/org.apache.hive/hive-jdbc@1.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.2.2

url	pkg:maven/org.apache.hive/hive-service@1.2.2
purl	pkg:maven/org.apache.hive/hive-service@1.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@1.2.2

url	pkg:maven/org.apache.hive/hive-service@2.0.1
purl	pkg:maven/org.apache.hive/hive-service@2.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@2.0.1

Affected_packages

url pkg:maven/org.apache.hive/hive@0.13.0

purl pkg:maven/org.apache.hive/hive@0.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@0.13.0

url pkg:maven/org.apache.hive/hive@0.13.1

purl pkg:maven/org.apache.hive/hive@0.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@0.13.1

url pkg:maven/org.apache.hive/hive@0.14.0

purl pkg:maven/org.apache.hive/hive@0.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@0.14.0

url pkg:maven/org.apache.hive/hive@1.0.0

purl pkg:maven/org.apache.hive/hive@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ppt-m2fe-1uge

vulnerability	VCID-e3vr-tx7y-xbg9

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.0.0

url pkg:maven/org.apache.hive/hive@1.0.1

purl pkg:maven/org.apache.hive/hive@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.0.1

url pkg:maven/org.apache.hive/hive@1.1.0

purl pkg:maven/org.apache.hive/hive@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ppt-m2fe-1uge

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.1.0

url pkg:maven/org.apache.hive/hive@1.1.1

purl pkg:maven/org.apache.hive/hive@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.1.1

url pkg:maven/org.apache.hive/hive@1.2.0

purl pkg:maven/org.apache.hive/hive@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.0

url pkg:maven/org.apache.hive/hive@1.2.1

purl pkg:maven/org.apache.hive/hive@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.1

url pkg:maven/org.apache.hive/hive-exec@2.0.0

purl pkg:maven/org.apache.hive/hive-exec@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@2.0.0

url pkg:maven/org.apache.hive/hive-jdbc@0.13.0

purl pkg:maven/org.apache.hive/hive-jdbc@0.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@0.13.0

url pkg:maven/org.apache.hive/hive-jdbc@0.13.1

purl pkg:maven/org.apache.hive/hive-jdbc@0.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@0.13.1

url pkg:maven/org.apache.hive/hive-jdbc@0.14.0

purl pkg:maven/org.apache.hive/hive-jdbc@0.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@0.14.0

url pkg:maven/org.apache.hive/hive-jdbc@1.0.0

purl pkg:maven/org.apache.hive/hive-jdbc@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.0.0

url pkg:maven/org.apache.hive/hive-jdbc@1.0.1

purl pkg:maven/org.apache.hive/hive-jdbc@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.0.1

url pkg:maven/org.apache.hive/hive-jdbc@1.1.0

purl pkg:maven/org.apache.hive/hive-jdbc@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.1.0

url pkg:maven/org.apache.hive/hive-jdbc@1.1.1

purl pkg:maven/org.apache.hive/hive-jdbc@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.1.1

url pkg:maven/org.apache.hive/hive-jdbc@1.2.0

purl pkg:maven/org.apache.hive/hive-jdbc@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.2.0

url pkg:maven/org.apache.hive/hive-jdbc@1.2.1

purl pkg:maven/org.apache.hive/hive-jdbc@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.2.1

url pkg:maven/org.apache.hive/hive-service@2.0.0

purl pkg:maven/org.apache.hive/hive-service@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-me8z-qek2-wfgn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@2.0.0

References

reference_url	https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E

reference_url	http://www.securityfocus.com/bid/98669
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/98669

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-3083
reference_id	CVE-2016-3083
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-3083

reference_url	https://github.com/advisories/GHSA-gf2v-9hp6-44qg
reference_id	GHSA-gf2v-9hp6-44qg
reference_type
scores
url	https://github.com/advisories/GHSA-gf2v-9hp6-44qg

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	295
name	Improper Certificate Validation
description	The product does not validate, or incorrectly validates, a certificate.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-me8z-qek2-wfgn

Vulnerability Instance