Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-hbak-tuxz-83e4
Summary
Session Fixation
Apache CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
Aliases
0
alias CVE-2017-5656
1
alias GHSA-v936-x3j5-c76j
Fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-core@3.0.13
purl pkg:maven/org.apache.cxf/cxf-core@3.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.0.13
1
url pkg:maven/org.apache.cxf/cxf-core@3.1.11
purl pkg:maven/org.apache.cxf/cxf-core@3.1.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.1.11
2
url pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.0.13
purl pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.0.13
3
url pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.11
purl pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.11
Affected_packages
0
url pkg:maven/org.apache.cxf/cxf-core@3.0.12
purl pkg:maven/org.apache.cxf/cxf-core@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c8e-gctq-v3fh
1
vulnerability VCID-hbak-tuxz-83e4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.0.12
1
url pkg:maven/org.apache.cxf/cxf-core@3.1.0
purl pkg:maven/org.apache.cxf/cxf-core@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c8e-gctq-v3fh
1
vulnerability VCID-3w9n-4sux-vyh5
2
vulnerability VCID-hbak-tuxz-83e4
3
vulnerability VCID-jyfs-esjx-77ga
4
vulnerability VCID-wk5d-6usk-yyh2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.1.0
2
url pkg:maven/org.apache.cxf/cxf-core@3.1.10
purl pkg:maven/org.apache.cxf/cxf-core@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2c8e-gctq-v3fh
1
vulnerability VCID-hbak-tuxz-83e4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.1.10
3
url pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.0.0
purl pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hbak-tuxz-83e4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.0.0
4
url pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.0
purl pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hbak-tuxz-83e4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.1.0
References
0
reference_url https://access.redhat.com/errata/RHSA-2017:1832
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1832
1
reference_url https://access.redhat.com/errata/RHSA-2018:1694
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1694
2
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
8
reference_url http://www.securityfocus.com/bid/97971
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97971
9
reference_url http://www.securitytracker.com/id/1038282
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1038282
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5656
reference_id CVE-2017-5656
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5656
11
reference_url http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc?version=1&modificationDate=1492515113282&api=v2
reference_id CVE-2017-5656.TXT.ASC?VERSION=1&MODIFICATIONDATE=1492515113282&API=V2
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc?version=1&modificationDate=1492515113282&api=v2
12
reference_url https://github.com/advisories/GHSA-v936-x3j5-c76j
reference_id GHSA-v936-x3j5-c76j
reference_type
scores
url https://github.com/advisories/GHSA-v936-x3j5-c76j
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 384
name Session Fixation
description Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-hbak-tuxz-83e4