Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-cy2v-sp7y-guba

Summary

Improper Restriction of Excessive Authentication Attempts
Apache OpenMeetings uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.

Aliases

alias	CVE-2017-7673

Fixed_packages

url	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
purl	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0

Affected_packages

url pkg:maven/org.apache.openmeetings/openmeetings-parent@1.0.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-33h6-dtvw-kudy

vulnerability	VCID-4kqb-69nx-ffgr

vulnerability	VCID-73d7-xcav-67h3

vulnerability	VCID-7tkn-ptbs-ruhn

vulnerability	VCID-cy2v-sp7y-guba

vulnerability	VCID-g2md-yap1-pkhe

vulnerability	VCID-gpv8-hbup-pudv

vulnerability	VCID-sv6x-344a-uucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@1.0.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@2.1.1

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-33h6-dtvw-kudy

vulnerability	VCID-4kqb-69nx-ffgr

vulnerability	VCID-73d7-xcav-67h3

vulnerability	VCID-7tkn-ptbs-ruhn

vulnerability	VCID-cy2v-sp7y-guba

vulnerability	VCID-g2md-yap1-pkhe

vulnerability	VCID-gpv8-hbup-pudv

vulnerability	VCID-sv6x-344a-uucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@2.1.1

url pkg:maven/org.apache.openmeetings/openmeetings-parent@2.2.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-33h6-dtvw-kudy

vulnerability	VCID-4kqb-69nx-ffgr

vulnerability	VCID-73d7-xcav-67h3

vulnerability	VCID-7tkn-ptbs-ruhn

vulnerability	VCID-cy2v-sp7y-guba

vulnerability	VCID-g2md-yap1-pkhe

vulnerability	VCID-gpv8-hbup-pudv

vulnerability	VCID-sv6x-344a-uucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@2.2.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-33h6-dtvw-kudy

vulnerability	VCID-4kqb-69nx-ffgr

vulnerability	VCID-73d7-xcav-67h3

vulnerability	VCID-7cjy-cp47-gfdj

vulnerability	VCID-7tkn-ptbs-ruhn

vulnerability	VCID-cy2v-sp7y-guba

vulnerability	VCID-g2md-yap1-pkhe

vulnerability	VCID-gpv8-hbup-pudv

vulnerability	VCID-sv6x-344a-uucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.7

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-33h6-dtvw-kudy

vulnerability	VCID-4kqb-69nx-ffgr

vulnerability	VCID-73d7-xcav-67h3

vulnerability	VCID-7tkn-ptbs-ruhn

vulnerability	VCID-cy2v-sp7y-guba

vulnerability	VCID-g2md-yap1-pkhe

vulnerability	VCID-gpv8-hbup-pudv

vulnerability	VCID-sv6x-344a-uucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.7

url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13a5-bd9x-g7c1

vulnerability	VCID-33h6-dtvw-kudy

vulnerability	VCID-4kqb-69nx-ffgr

vulnerability	VCID-5y29-hbr6-dqbg

vulnerability	VCID-73d7-xcav-67h3

vulnerability	VCID-7tkn-ptbs-ruhn

vulnerability	VCID-cy2v-sp7y-guba

vulnerability	VCID-g2md-yap1-pkhe

vulnerability	VCID-gpv8-hbup-pudv

vulnerability	VCID-h2vq-z9kt-5fe2

vulnerability	VCID-sv6x-344a-uucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.5

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-33h6-dtvw-kudy

vulnerability	VCID-4kqb-69nx-ffgr

vulnerability	VCID-5y29-hbr6-dqbg

vulnerability	VCID-73d7-xcav-67h3

vulnerability	VCID-7tkn-ptbs-ruhn

vulnerability	VCID-cy2v-sp7y-guba

vulnerability	VCID-g2md-yap1-pkhe

vulnerability	VCID-gpv8-hbup-pudv

vulnerability	VCID-sv6x-344a-uucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.5

url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-33h6-dtvw-kudy

vulnerability	VCID-4kqb-69nx-ffgr

vulnerability	VCID-5y29-hbr6-dqbg

vulnerability	VCID-73d7-xcav-67h3

vulnerability	VCID-7tkn-ptbs-ruhn

vulnerability	VCID-cy2v-sp7y-guba

vulnerability	VCID-g2md-yap1-pkhe

vulnerability	VCID-gpv8-hbup-pudv

vulnerability	VCID-sv6x-344a-uucy

vulnerability	VCID-y22j-q9ga-vyfu

vulnerability	VCID-z9e2-6vk2-5kca

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.1

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-33h6-dtvw-kudy

vulnerability	VCID-4kqb-69nx-ffgr

vulnerability	VCID-5y29-hbr6-dqbg

vulnerability	VCID-73d7-xcav-67h3

vulnerability	VCID-7tkn-ptbs-ruhn

vulnerability	VCID-cy2v-sp7y-guba

vulnerability	VCID-g2md-yap1-pkhe

vulnerability	VCID-gpv8-hbup-pudv

vulnerability	VCID-sv6x-344a-uucy

vulnerability	VCID-y22j-q9ga-vyfu

vulnerability	VCID-z9e2-6vk2-5kca

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.1

References

reference_url	http://www.securityfocus.com/bid/99587
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99587

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7673
reference_id	CVE-2017-7673
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7673

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	307
name	Improper Restriction of Excessive Authentication Attempts
description	The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

cwe_id	326
name	Inadequate Encryption Strength
description	The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cy2v-sp7y-guba

Vulnerability Instance