Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pywbem@0.7.0
Typepypi
Namespace
Namepywbem
Version0.7.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.8.1
Latest_non_vulnerable_version0.8.1
Affected_by_vulnerabilities
0
url VCID-9nbd-nv8g-7bab
vulnerability_id VCID-9nbd-nv8g-7bab
summary PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1039801
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1039801
1
reference_url http://seclists.org/oss-sec/2013/q4/531
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/531
2
reference_url http://secunia.com/advisories/58327
reference_id
reference_type
scores
url http://secunia.com/advisories/58327
3
reference_url http://sourceforge.net/p/pywbem/code/627/
reference_id
reference_type
scores
url http://sourceforge.net/p/pywbem/code/627/
4
reference_url http://sourceforge.net/p/pywbem/mailman/message/31757312/
reference_id
reference_type
scores
url http://sourceforge.net/p/pywbem/mailman/message/31757312/
5
reference_url https://www.suse.com/support/update/announcement/2014/suse-su-20140580-1.html
reference_id
reference_type
scores
url https://www.suse.com/support/update/announcement/2014/suse-su-20140580-1.html
6
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
7
reference_url http://www.securityfocus.com/bid/64544
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64544
fixed_packages
0
url pkg:pypi/pywbem@0.8.1
purl pkg:pypi/pywbem@0.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pywbem@0.8.1
aliases CVE-2013-6418, PYSEC-2014-93
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nbd-nv8g-7bab
1
url VCID-krja-a96b-73e1
vulnerability_id VCID-krja-a96b-73e1
summary PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1044246
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1044246
1
reference_url http://seclists.org/oss-sec/2013/q4/524
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/524
2
reference_url http://sourceforge.net/p/pywbem/code/627/
reference_id
reference_type
scores
url http://sourceforge.net/p/pywbem/code/627/
3
reference_url http://sourceforge.net/p/pywbem/mailman/message/31757312/
reference_id
reference_type
scores
url http://sourceforge.net/p/pywbem/mailman/message/31757312/
4
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
5
reference_url http://www.securityfocus.com/bid/64544
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64544
fixed_packages
0
url pkg:pypi/pywbem@0.8.1
purl pkg:pypi/pywbem@0.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pywbem@0.8.1
aliases CVE-2013-6444, PYSEC-2014-94
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-krja-a96b-73e1
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pywbem@0.7.0