VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-ehup-vwea-cba8

Essentials
Severities (21)
References (13)
Severity details (17)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ehup-vwea-cba8
Aliases	CVE-2017-8342 GHSA-rpv4-63g3-9x23 PYSEC-2017-102
Summary	Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2017-8342
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2017-8342
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2017-8342
epss	0.0041	https://api.first.org/data/v1/epss?cve=CVE-2017-8342
cvssv3.1	8.1	https://bugs.debian.org/861514
generic_textual	HIGH	https://bugs.debian.org/861514
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-rpv4-63g3-9x23
cvssv3.1	8.1	https://github.com/Kozea/Radicale
generic_textual	HIGH	https://github.com/Kozea/Radicale
cvssv3.1	8.1	https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst
generic_textual	HIGH	https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst
cvssv3.1	8.1	https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
generic_textual	HIGH	https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
cvssv3.1	8.1	https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
generic_textual	HIGH	https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
cvssv3.1	8.1	https://github.com/pypa/advisory-database/tree/main/vulns/radicale/PYSEC-2017-102.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/radicale/PYSEC-2017-102.yaml
cvssv3.1	8.1	https://lists.debian.org/debian-lts-announce/2020/04/msg00019.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2020/04/msg00019.html
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2017-8342
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2017-8342

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2017-8342
		https://bugs.debian.org/861514
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8342
		https://github.com/Kozea/Radicale
		https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst
		https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
		https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
		https://github.com/pypa/advisory-database/tree/main/vulns/radicale/PYSEC-2017-102.yaml
		https://lists.debian.org/debian-lts-announce/2020/04/msg00019.html
		https://pypi.org/project/radicale
861514		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861514
CVE-2017-8342		https://nvd.nist.gov/vuln/detail/CVE-2017-8342
GHSA-rpv4-63g3-9x23		https://github.com/advisories/GHSA-rpv4-63g3-9x23

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugs.debian.org/861514

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Kozea/Radicale

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/radicale/PYSEC-2017-102.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2020/04/msg00019.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-8342

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.61776
EPSS Score	0.0041
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:26:32.523713+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0