Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-sxr7-cutf-8kh6
Summary
Cleartext Transmission of Sensitive Information
TYPO3 sends an HTTP request to an `index.php?loginProvider` URI in cases with an HTTP Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the `userident` and `username` fields.
Aliases
0
alias CVE-2017-6370
1
alias GHSA-87hc-phmj-rhgh
Fixed_packages
0
url pkg:composer/typo3/cms@7.6.16
purl pkg:composer/typo3/cms@7.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-fy3g-uegw-2bew
13
vulnerability VCID-gcnj-6qb6-pbgz
14
vulnerability VCID-h63t-9enx-qfdn
15
vulnerability VCID-hpgq-deze-p7dp
16
vulnerability VCID-jqth-wfgx-87cx
17
vulnerability VCID-mnz3-rj21-67ad
18
vulnerability VCID-mqbh-k9n3-nbed
19
vulnerability VCID-mub5-s7h1-57cy
20
vulnerability VCID-n15v-ta9h-6ffb
21
vulnerability VCID-n78p-x7hh-gqcf
22
vulnerability VCID-nt6a-5zkv-pbcm
23
vulnerability VCID-nwxj-3ajk-rkh5
24
vulnerability VCID-pk8d-8u15-5bfq
25
vulnerability VCID-pnfa-cksc-43de
26
vulnerability VCID-rdrs-mhaw-b3ge
27
vulnerability VCID-rzw5-8d1u-sfam
28
vulnerability VCID-sr3p-pdxy-4yhu
29
vulnerability VCID-t3jn-vwbx-u7cr
30
vulnerability VCID-tmrt-6fxw-5ugh
31
vulnerability VCID-tw1y-t4qj-j3d1
32
vulnerability VCID-vndb-w8e1-4ugv
33
vulnerability VCID-wge3-kxdq-f3bz
34
vulnerability VCID-wr5t-xqnn-gkcj
35
vulnerability VCID-wxps-mnue-6bbh
36
vulnerability VCID-xa4m-xpa9-v7h8
37
vulnerability VCID-xqew-bx7v-1qfk
38
vulnerability VCID-y32z-2d3f-gkgw
39
vulnerability VCID-zdq2-dhb2-6kaq
40
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16
Affected_packages
0
url pkg:composer/typo3/cms@7.6.15
purl pkg:composer/typo3/cms@7.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-2fs8-bscc-3ye2
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6b5q-vzs3-pkcc
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-bnne-7p2q-eqd2
7
vulnerability VCID-bxjw-7426-gyb8
8
vulnerability VCID-dbrh-t8zx-nkd9
9
vulnerability VCID-dm97-51uu-r7gw
10
vulnerability VCID-dsu7-jjjq-f3e1
11
vulnerability VCID-ehzg-bzrd-kbcc
12
vulnerability VCID-ep6t-zwd1-4bb3
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-fy3g-uegw-2bew
15
vulnerability VCID-gcnj-6qb6-pbgz
16
vulnerability VCID-h63t-9enx-qfdn
17
vulnerability VCID-hpgq-deze-p7dp
18
vulnerability VCID-jqth-wfgx-87cx
19
vulnerability VCID-mnz3-rj21-67ad
20
vulnerability VCID-mqbh-k9n3-nbed
21
vulnerability VCID-mub5-s7h1-57cy
22
vulnerability VCID-n15v-ta9h-6ffb
23
vulnerability VCID-n78p-x7hh-gqcf
24
vulnerability VCID-nt6a-5zkv-pbcm
25
vulnerability VCID-nwxj-3ajk-rkh5
26
vulnerability VCID-pk8d-8u15-5bfq
27
vulnerability VCID-pnfa-cksc-43de
28
vulnerability VCID-rdrs-mhaw-b3ge
29
vulnerability VCID-rzw5-8d1u-sfam
30
vulnerability VCID-sr3p-pdxy-4yhu
31
vulnerability VCID-sxr7-cutf-8kh6
32
vulnerability VCID-t3jn-vwbx-u7cr
33
vulnerability VCID-tmrt-6fxw-5ugh
34
vulnerability VCID-tw1y-t4qj-j3d1
35
vulnerability VCID-vndb-w8e1-4ugv
36
vulnerability VCID-vrt1-aj9v-2kb6
37
vulnerability VCID-wge3-kxdq-f3bz
38
vulnerability VCID-wr5t-xqnn-gkcj
39
vulnerability VCID-wxps-mnue-6bbh
40
vulnerability VCID-xa4m-xpa9-v7h8
41
vulnerability VCID-xqew-bx7v-1qfk
42
vulnerability VCID-y32z-2d3f-gkgw
43
vulnerability VCID-zdq2-dhb2-6kaq
44
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.15
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6370
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.2984
published_at 2026-04-04T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.2953
published_at 2026-04-24T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29611
published_at 2026-04-21T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29655
published_at 2026-04-18T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29677
published_at 2026-04-16T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.29659
published_at 2026-04-13T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.2971
published_at 2026-04-12T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29756
published_at 2026-04-11T12:55:00Z
8
value 0.00112
scoring_system epss
scoring_elements 0.29746
published_at 2026-04-01T12:55:00Z
9
value 0.00112
scoring_system epss
scoring_elements 0.29753
published_at 2026-04-09T12:55:00Z
10
value 0.00112
scoring_system epss
scoring_elements 0.29717
published_at 2026-04-08T12:55:00Z
11
value 0.00112
scoring_system epss
scoring_elements 0.29793
published_at 2026-04-02T12:55:00Z
12
value 0.00112
scoring_system epss
scoring_elements 0.29654
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6370
1
reference_url https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url http://www.securityfocus.com/bid/97071
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/97071
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6370
reference_id CVE-2017-6370
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6370
6
reference_url https://github.com/advisories/GHSA-87hc-phmj-rhgh
reference_id GHSA-87hc-phmj-rhgh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-87hc-phmj-rhgh
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 319
name Cleartext Transmission of Sensitive Information
description The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxr7-cutf-8kh6