Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/python27-python-pip@7.1.0-2?arch=el7

Type rpm

Namespace redhat

Name python27-python-pip

Version 7.1.0-2

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-172n-hbu2-6fd3

vulnerability_id VCID-172n-hbu2-6fd3

summary

Uncontrolled Resource Consumption
Algorithmic complexity vulnerability in the `ssl.match_hostname` function and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

references

reference_url	http://bugs.python.org/issue17980
reference_id
reference_type
scores
url	http://bugs.python.org/issue17980

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2099.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2099

reference_id

reference_type

scores

value	0.02979
scoring_system	epss
scoring_elements	0.86778
published_at	2026-06-04T12:55:00Z

value	0.02979
scoring_system	epss
scoring_elements	0.868
published_at	2026-06-05T12:55:00Z

value	0.02979
scoring_system	epss
scoring_elements	0.86797
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2099

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2099
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2099

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2099
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2099

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709066
reference_id	709066
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709066

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709067
reference_id	709067
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709067

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068
reference_id	709068
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709069
reference_id	709069
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709069

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709070
reference_id	709070
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709070

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=963260
reference_id	963260
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=963260

reference_url	https://security.gentoo.org/glsa/201401-04
reference_id	GLSA-201401-04
reference_type
scores
url	https://security.gentoo.org/glsa/201401-04

reference_url	https://access.redhat.com/errata/RHSA-2014:1263
reference_id	RHSA-2014:1263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1263

reference_url	https://access.redhat.com/errata/RHSA-2014:1690
reference_id	RHSA-2014:1690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1690

reference_url	https://access.redhat.com/errata/RHSA-2015:0042
reference_id	RHSA-2015:0042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0042

reference_url	https://access.redhat.com/errata/RHSA-2016:1166
reference_id	RHSA-2016:1166
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1166

reference_url	https://usn.ubuntu.com/1983-1/
reference_id	USN-1983-1
reference_type
scores
url	https://usn.ubuntu.com/1983-1/

reference_url	https://usn.ubuntu.com/1984-1/
reference_id	USN-1984-1
reference_type
scores
url	https://usn.ubuntu.com/1984-1/

reference_url	https://usn.ubuntu.com/1985-1/
reference_id	USN-1985-1
reference_type
scores
url	https://usn.ubuntu.com/1985-1/

fixed_packages

aliases CVE-2013-2099

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-172n-hbu2-6fd3

url VCID-t7p2-zytn-fycp

vulnerability_id VCID-t7p2-zytn-fycp

summary The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7440.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7440.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7440

reference_id

reference_type

scores

value	0.00358
scoring_system	epss
scoring_elements	0.58295
published_at	2026-06-04T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58342
published_at	2026-06-05T12:55:00Z

value	0.00358
scoring_system	epss
scoring_elements	0.58351
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7440

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7440
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7440

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1224999
reference_id	1224999
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1224999

reference_url	https://access.redhat.com/errata/RHSA-2016:1166
reference_id	RHSA-2016:1166
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1166

fixed_packages

aliases CVE-2013-7440

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t7p2-zytn-fycp

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-pip@7.1.0-2%3Farch=el7

Package Instance