Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.wildfly/wildfly-undertow@8.2.1.Final

Type maven

Namespace org.wildfly

Name wildfly-undertow

Version 8.2.1.Final

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 12.0.0.Final

Latest_non_vulnerable_version 12.0.0.Final

Affected_by_vulnerabilities

url VCID-hdp2-qutu-6fas

vulnerability_id VCID-hdp2-qutu-6fas

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:1247

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1247

reference_url

https://access.redhat.com/errata/RHSA-2018:1248

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1248

reference_url

https://access.redhat.com/errata/RHSA-2018:1249

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1249

reference_url

https://access.redhat.com/errata/RHSA-2018:1251

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1251

reference_url

https://access.redhat.com/errata/RHSA-2018:2938

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2938

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1047.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1047.json

reference_url

https://access.redhat.com/security/cve/CVE-2018-1047

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2018-1047

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1047

reference_id

reference_type

scores

value	0.00176
scoring_system	epss
scoring_elements	0.38893
published_at	2026-06-05T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38804
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1047

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1528361

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1528361

reference_url

https://issues.jboss.org/browse/WFLY-9620

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/WFLY-9620

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1047

reference_id

CVE-2018-1047

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1047

reference_url

https://github.com/advisories/GHSA-fmr4-w67p-vh8x

reference_id

GHSA-fmr4-w67p-vh8x

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-fmr4-w67p-vh8x

fixed_packages

url	pkg:maven/org.wildfly/wildfly-undertow@12.0.0
purl	pkg:maven/org.wildfly/wildfly-undertow@12.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly/wildfly-undertow@12.0.0

url	pkg:maven/org.wildfly/wildfly-undertow@12.0.0.Final
purl	pkg:maven/org.wildfly/wildfly-undertow@12.0.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly/wildfly-undertow@12.0.0.Final

aliases CVE-2018-1047, GHSA-fmr4-w67p-vh8x

risk_score 3.9

exploitability 0.5

weighted_severity 7.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdp2-qutu-6fas

url VCID-hvdx-6asd-57ha

vulnerability_id VCID-hvdx-6asd-57ha

summary

WildFly has incomplete blocklist vulnerability
Incomplete blocklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.

references

reference_url

http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/136323/Wildfly-Filter-Restriction-Bypass-Information-Disclosure.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0793.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0793.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-0793

reference_id

reference_type

scores

value	0.3
scoring_system	epss
scoring_elements	0.96748
published_at	2026-06-04T12:55:00Z

value	0.3
scoring_system	epss
scoring_elements	0.96752
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0793

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1305937

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1305937

reference_url

https://github.com/wildfly/wildfly

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wildfly/wildfly

reference_url

https://security.netapp.com/advisory/ntap-20180215-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180215-0001

reference_url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03784en_us

reference_url

https://www.exploit-db.com/exploits/39573

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/39573

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/webapps/39573.txt
reference_id	CVE-2016-0793
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/webapps/39573.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0793

reference_id

CVE-2016-0793

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0793

reference_url	https://github.com/advisories/GHSA-9q87-22gr-r8qf
reference_id	GHSA-9q87-22gr-r8qf
reference_type
scores
url	https://github.com/advisories/GHSA-9q87-22gr-r8qf

fixed_packages

url pkg:maven/org.wildfly/wildfly-undertow@10.0.0.Final

purl pkg:maven/org.wildfly/wildfly-undertow@10.0.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hdp2-qutu-6fas

vulnerability	VCID-me9g-1s7c-m7cw

vulnerability	VCID-q5qt-gu2j-73hj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly/wildfly-undertow@10.0.0.Final

aliases CVE-2016-0793, GHSA-9q87-22gr-r8qf

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvdx-6asd-57ha

url VCID-q5qt-gu2j-73hj

vulnerability_id VCID-q5qt-gu2j-73hj

summary

Uncontrolled Resource Consumption
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0830.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0830.html

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0831.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0831.html

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0832.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0832.html

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0834.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0834.html

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0876.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0876.html

reference_url

https://access.redhat.com/errata/RHSA-2017:0872

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:0872

reference_url

https://access.redhat.com/errata/RHSA-2017:0873

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:0873

reference_url

https://access.redhat.com/errata/RHSA-2017:3454

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3454

reference_url

https://access.redhat.com/errata/RHSA-2017:3455

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3455

reference_url

https://access.redhat.com/errata/RHSA-2017:3456

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3456

reference_url

https://access.redhat.com/errata/RHSA-2017:3458

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3458

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9589.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9589.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9589

reference_id

reference_type

scores

value	0.02193
scoring_system	epss
scoring_elements	0.84728
published_at	2026-06-05T12:55:00Z

value	0.02193
scoring_system	epss
scoring_elements	0.84704
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9589

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1404782

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1404782

reference_url

https://github.com/wildfly/wildfly

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wildfly/wildfly

reference_url

https://web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060

reference_url	https://web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060/
reference_id
reference_type
scores
url	https://web.archive.org/web/20200227180917/https://www.securityfocus.com/bid/97060/

reference_url	http://www.securityfocus.com/bid/97060
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97060

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9589

reference_id

CVE-2016-9589

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9589

reference_url

https://github.com/advisories/GHSA-p4xg-cpr9-vwvj

reference_id

GHSA-p4xg-cpr9-vwvj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p4xg-cpr9-vwvj

reference_url	https://access.redhat.com/errata/RHSA-2017:0830
reference_id	RHSA-2017:0830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0830

reference_url	https://access.redhat.com/errata/RHSA-2017:0831
reference_id	RHSA-2017:0831
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0831

reference_url	https://access.redhat.com/errata/RHSA-2017:0832
reference_id	RHSA-2017:0832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0832

reference_url	https://access.redhat.com/errata/RHSA-2017:0834
reference_id	RHSA-2017:0834
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0834

reference_url	https://access.redhat.com/errata/RHSA-2017:0876
reference_id	RHSA-2017:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0876

fixed_packages

url pkg:maven/org.wildfly/wildfly-undertow@11.0.0.Beta1

purl pkg:maven/org.wildfly/wildfly-undertow@11.0.0.Beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hdp2-qutu-6fas

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly/wildfly-undertow@11.0.0.Beta1

aliases CVE-2016-9589, GHSA-p4xg-cpr9-vwvj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q5qt-gu2j-73hj

Fixing_vulnerabilities

Risk_score 3.9

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly/wildfly-undertow@8.2.1.Final

Package Instance