{"url":"http://public2.vulnerablecode.io/api/packages/513299?format=json","purl":"pkg:deb/debian/rt-authen-externalauth@0.25-1%2Bdeb8u1","type":"deb","namespace":"debian","name":"rt-authen-externalauth","version":"0.25-1+deb8u1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100068?format=json","vulnerability_id":"VCID-9hps-jpdy-m7bf","summary":"Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5361","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40799","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40877","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40881","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4085","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40819","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4083","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5944","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5944"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513299?format=json","purl":"pkg:deb/debian/rt-authen-externalauth@0.25-1%2Bdeb8u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rt-authen-externalauth@0.25-1%252Bdeb8u1"}],"aliases":["CVE-2017-5361"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hps-jpdy-m7bf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rt-authen-externalauth@0.25-1%252Bdeb8u1"}