Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9bep-jsfw-x3gn
Summary
Cleartext Transmission of Sensitive Information
TYPO3 sends an HTTP request to an `index.php?loginProvider` URI in cases with an HTTP Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the `userident` and `username` fields.
Aliases
0
alias CVE-2017-6370
1
alias GHSA-87hc-phmj-rhgh
Fixed_packages
0
url pkg:composer/typo3/cms@7.6.16
purl pkg:composer/typo3/cms@7.6.16
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16
Affected_packages
0
url pkg:composer/typo3/cms@7.6.15
purl pkg:composer/typo3/cms@7.6.15
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.15
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6370
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29369
published_at 2026-06-05T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.293
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6370
1
reference_url https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url http://www.securityfocus.com/bid/97071
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/97071
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6370
reference_id CVE-2017-6370
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6370
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 319
name Cleartext Transmission of Sensitive Information
description The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bep-jsfw-x3gn