Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/38825?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38825?format=api", "vulnerability_id": "VCID-zkpr-21zk-f3a5", "summary": "Improper Authentication\nKura takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. The Equinox console port is left open, allowing login to Kura without any user credentials over unencrypted telnet and execution of commands using the Equinox `exec` command. As the process is running as `root`, full control over the device can be acquired. IPv6 is also left in auto-configuration mode, automatically accepting router advertisements and assigning a MAC-address-based IPv6 address.", "aliases": [ { "alias": "CVE-2017-7649" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54063?format=api", "purl": "pkg:maven/org.eclipse.kura/kura@2.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.kura/kura@2.1.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54062?format=api", "purl": "pkg:maven/org.eclipse.kura/kura@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zkpr-21zk-f3a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.kura/kura@2.0.2" } ], "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7649", "reference_id": "CVE-2017-7649", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7649" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 287, "name": "Improper Authentication", "description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct." 
}, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkpr-21zk-f3a5" }