Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/38637?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38637?format=api", "vulnerability_id": "VCID-me8z-qek2-wfgn", "summary": "Improper Certificate Validation\nApache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.", "aliases": [ { "alias": "CVE-2016-3083" }, { "alias": "GHSA-gf2v-9hp6-44qg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53648?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/57076?format=api", "purl": "pkg:maven/org.apache.hive/hive-exec@1.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/57596?format=api", "purl": "pkg:maven/org.apache.hive/hive-exec@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53638?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@1.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/57051?format=api", "purl": "pkg:maven/org.apache.hive/hive-service@1.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/57598?format=api", "purl": "pkg:maven/org.apache.hive/hive-service@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@2.0.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53639?format=api", "purl": "pkg:maven/org.apache.hive/hive@0.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@0.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53640?format=api", "purl": "pkg:maven/org.apache.hive/hive@0.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@0.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53641?format=api", "purl": "pkg:maven/org.apache.hive/hive@0.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@0.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53642?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ppt-m2fe-1uge" }, { "vulnerability": "VCID-e3vr-tx7y-xbg9" }, { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53643?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53644?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ppt-m2fe-1uge" }, { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53645?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53646?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53647?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/57595?format=api", "purl": "pkg:maven/org.apache.hive/hive-exec@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53629?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@0.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@0.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53630?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@0.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@0.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53631?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@0.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@0.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53632?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53633?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53634?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53635?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53636?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53637?format=api", "purl": "pkg:maven/org.apache.hive/hive-jdbc@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-jdbc@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/57597?format=api", "purl": "pkg:maven/org.apache.hive/hive-service@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@2.0.0" } ], "references": [ { "reference_url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/bid/98669", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/98669" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3083", "reference_id": "CVE-2016-3083", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3083" }, { "reference_url": "https://github.com/advisories/GHSA-gf2v-9hp6-44qg", "reference_id": "GHSA-gf2v-9hp6-44qg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gf2v-9hp6-44qg" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 295, "name": "Improper Certificate Validation", "description": "The product does not validate, or incorrectly validates, a certificate." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-me8z-qek2-wfgn" }