Vulnerability Instance
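Look up vulnerabilities affecting packages. In the record below, `is_vulnerable` on a `fixed_packages` entry tracks that entry's own `affected_by_vulnerabilities` list, not this vulnerability: for example, pkg:maven/org.apache.hive/hive@1.0.1 fixes VCID-6ppt-m2fe-1uge but is still listed as affected by VCID-me8z-qek2-wfgn.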
GET /api/vulnerabilities/40816?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40816?format=api", "vulnerability_id": "VCID-6ppt-m2fe-1uge", "summary": "Improper Authentication\nThe LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.", "aliases": [ { "alias": "CVE-2015-1772" }, { "alias": "GHSA-5gvm-hrw5-h6xf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53643?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53645?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/57586?format=api", "purl": "pkg:maven/org.apache.hive/hive-exec@1.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/57587?format=api", "purl": "pkg:maven/org.apache.hive/hive-exec@1.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/57607?format=api", "purl": "pkg:maven/org.apache.hive/hive-service@1.0.1", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/57608?format=api", "purl": "pkg:maven/org.apache.hive/hive-service@1.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@1.1.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53642?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ppt-m2fe-1uge" }, { "vulnerability": "VCID-e3vr-tx7y-xbg9" }, { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53644?format=api", "purl": "pkg:maven/org.apache.hive/hive@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ppt-m2fe-1uge" }, { "vulnerability": "VCID-me8z-qek2-wfgn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57075?format=api", "purl": "pkg:maven/org.apache.hive/hive-exec@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ppt-m2fe-1uge" }, { "vulnerability": "VCID-e3vr-tx7y-xbg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57585?format=api", "purl": "pkg:maven/org.apache.hive/hive-exec@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ppt-m2fe-1uge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.1.0" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/57050?format=api", "purl": "pkg:maven/org.apache.hive/hive-service@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ppt-m2fe-1uge" }, { "vulnerability": "VCID-e3vr-tx7y-xbg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57606?format=api", "purl": "pkg:maven/org.apache.hive/hive-service@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ppt-m2fe-1uge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-service@1.1.0" } ], "references": [ { "reference_url": "http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E" }, { "reference_url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969546", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969546" }, { "reference_url": "http://www.securitytracker.com/id/1034365", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034365" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1772", "reference_id": "CVE-2015-1772", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1772" }, { "reference_url": 
"https://github.com/advisories/GHSA-5gvm-hrw5-h6xf", "reference_id": "GHSA-5gvm-hrw5-h6xf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5gvm-hrw5-h6xf" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 287, "name": "Improper Authentication", "description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ppt-m2fe-1uge" }