{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38515?format=json","vulnerability_id":"VCID-9bep-jsfw-x3gn","summary":"Cleartext Transmission of Sensitive Information\nTYPO3 sends an HTTP request to an `index.php?loginProvider` URI in cases with an HTTP Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the `userident` and `username` fields.","aliases":[{"alias":"CVE-2017-6370"},{"alias":"GHSA-87hc-phmj-rhgh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53303?format=json","purl":"pkg:composer/typo3/cms@7.6.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-28fn-ncj5-2ufk"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-2rmv-a83x-9ka8"},{"vulnerability":"VCID-3ugj-6m1e-e3hr"},{"vulnerability":"VCID-5u2f-5zzf-j3e4"},{"vulnerability":"VCID-66kh-c1dm-8fbf"},{"vulnerability":"VCID-953t-q1cr-zyd6"},{"vulnerability":"VCID-9726-hafj-wkay"},{"vulnerability":"VCID-9saf-w56y-pugz"},{"vulnerability":"VCID-abjx-8v46-d7d8"},{"vulnerability":"VCID-dsqm-9q3e-dudw"},{"vulnerability":"VCID-e564-zdku-9fc6"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fdnw-2tz5-4fdr"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-gpv4-4tpd-tbaa"},{"vulnerability":"VCID-h7cg-64er-uya9"},{"vulnerability":"VCID-hp99-ncuh-6ugv"},{"vulnerability":"VCID-hsw8-nbs6-auaa"},{"vulnerability":"VCID-hyx9-8ae6-sba8"},{"vulnerability":"VCID-j8sh-5evd-dkaz"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-jq5y-7h9g-mufa"},{"vulnerability":"VCID-jqe4-8hzb-mfea"},{"vulnerability":"VCID-jwb1-3sbg-kfa5"},{"vulnerability":"VCID-mctp-nf36-7qdn"},{"vulnerability":"VCID-njsj-bwjq-fyap"},{"vulnerability":"VCID-p576-w7dd-p3h7"},{"vulnerability":"VCID-p7gd-anw2-1qbz"},{"vulnerability":"VCID-qcnh-z4zh-myaw"},{"vulnerability":"VCID-sy7r-d6pv-yba9"},{"vulnerability":"VCID-teby-zvvw-zkhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-tzpj-j3x1-ekgk"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-xvyu-2hb8-8ufh"},{"vulnerability":"VCID-xw1s-93bu-wuh9"},{"vulnerability":"VCID-ygw4-jdqu-4fbt"},{"vulnerability":"VCID-yz6t-ge1y-qfgr"},{"vulnerability":"VCID-zybp-mb3d-jyee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53166?format=json","purl":"pkg:composer/typo3/cms@7.6.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-28fn-ncj5-2ufk"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-2rmv-a83x-9ka8"},{"vulnerability":"VCID-3ugj-6m1e-e3hr"},{"vulnerability":"VCID-5u2f-5zzf-j3e4"},{"vulnerability":"VCID-66kh-c1dm-8fbf"},{"vulnerability":"VCID-66ru-n2df-b3ay"},{"vulnerability":"VCID-953t-q1cr-zyd6"},{"vulnerability":"VCID-9726-hafj-wkay"},{"vulnerability":"VCID-9bep-jsfw-x3gn"},{"vulnerability":"VCID-9saf-w56y-pugz"},{"vulnerability":"VCID-abjx-8v46-d7d8"},{"vulnerability":"VCID-dsqm-9q3e-dudw"},{"vulnerability":"VCID-e564-zdku-9fc6"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fdnw-2tz5-4fdr"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-gpv4-4tpd-tbaa"},{"vulnerability":"VCID-h7cg-64er-uya9"},{"vulnerability":"VCID-hp99-ncuh-6ugv"},{"vulnerability":"VCID-hsw8-nbs6-auaa"},{"vulnerability":"VCID-hyx9-8ae6-sba8"},{"vulnerability":"VCID-j8sh-5evd-dkaz"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-jq5y-7h9g-mufa"},{"vulnerability":"VCID-jqe4-8hzb-mfea"},{"vulnerability":"VCID-jwb1-3sbg-kfa5"},{"vulnerability":"VCID-mctp-nf36-7qdn"},{"vulnerability":"VCID-njsj-bwjq-fyap"},{"vulnerability":"VCID-p576-w7dd-p3h7"},{"vulnerability":"VCID-p7gd-anw2-1qbz"},{"vulnerability":"VCID-qcnh-z4zh-myaw"},{"vulnerability":"VCID-sy7r-d6pv-yba9"},{"vulnerability":"VCID-teby-zvvw-zkhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-tzpj-j3x1-ekgk"},{"vulnerability":"VCID-u5he-6tqb-gqaf"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-xh68-defe-f7ce"},{"vulnerability":"VCID-xvyu-2hb8-8ufh"},{"vulnerability":"VCID-xw1s-93bu-wuh9"},{"vulnerability":"VCID-ygw4-jdqu-4fbt"},{"vulnerability":"VCID-yz6t-ge1y-qfgr"},{"vulnerability":"VCID-zybp-mb3d-jyee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.15"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6370","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29369","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.293","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6370"},{"reference_url":"https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"http://www.securityfocus.com/bid/97071","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/97071"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6370","reference_id":"CVE-2017-6370","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6370"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":319,"name":"Cleartext Transmission of Sensitive Information","description":"The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bep-jsfw-x3gn"}