Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.1
Typemaven
Namespaceorg.apache.cxf
Namecxf-rt-frontend-jaxrs
Version2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3.10
Latest_non_vulnerable_version3.4.3
Affected_by_vulnerabilities
0
url VCID-akr4-z7v7-9qbc
vulnerability_id VCID-akr4-z7v7-9qbc
summary Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
references
0
reference_url http://osvdb.org/90078
reference_id
reference_type
scores
url http://osvdb.org/90078
1
reference_url http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0749.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0749.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0239.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0239.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0239
reference_id
reference_type
scores
0
value 0.02653
scoring_system epss
scoring_elements 0.85764
published_at 2026-04-13T12:55:00Z
1
value 0.02653
scoring_system epss
scoring_elements 0.85767
published_at 2026-04-12T12:55:00Z
2
value 0.02653
scoring_system epss
scoring_elements 0.85771
published_at 2026-04-11T12:55:00Z
3
value 0.02653
scoring_system epss
scoring_elements 0.85756
published_at 2026-04-09T12:55:00Z
4
value 0.02653
scoring_system epss
scoring_elements 0.85745
published_at 2026-04-08T12:55:00Z
5
value 0.02653
scoring_system epss
scoring_elements 0.85719
published_at 2026-04-04T12:55:00Z
6
value 0.02653
scoring_system epss
scoring_elements 0.85702
published_at 2026-04-02T12:55:00Z
7
value 0.02653
scoring_system epss
scoring_elements 0.85689
published_at 2026-04-01T12:55:00Z
8
value 0.02653
scoring_system epss
scoring_elements 0.85726
published_at 2026-04-07T12:55:00Z
9
value 0.02653
scoring_system epss
scoring_elements 0.85787
published_at 2026-04-18T12:55:00Z
10
value 0.02653
scoring_system epss
scoring_elements 0.85782
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0239
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239
6
reference_url http://seclists.org/fulldisclosure/2013/Feb/39
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2013/Feb/39
7
reference_url http://secunia.com/advisories/51988
reference_id
reference_type
scores
url http://secunia.com/advisories/51988
8
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/81981
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/81981
9
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
10
reference_url https://github.com/apache/cxf/commit/295a4e2f9eb3e7e0513980202949ccc424dee2d4
reference_id
reference_type
scores
url https://github.com/apache/cxf/commit/295a4e2f9eb3e7e0513980202949ccc424dee2d4
11
reference_url https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421
12
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
24
reference_url http://svn.apache.org/viewvc?view=revision&revision=1438424
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1438424
25
reference_url https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876
26
reference_url http://www.securityfocus.com/bid/57876
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/57876
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=905722
reference_id 905722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=905722
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0239
reference_id CVE-2013-0239
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0239
55
reference_url http://cxf.apache.org/cve-2013-0239.html
reference_id CVE-2013-0239.HTML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/cve-2013-0239.html
56
reference_url https://github.com/advisories/GHSA-p5c5-6564-vvr8
reference_id GHSA-p5c5-6564-vvr8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5c5-6564-vvr8
57
reference_url https://access.redhat.com/errata/RHSA-2013:0644
reference_id RHSA-2013:0644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0644
58
reference_url https://access.redhat.com/errata/RHSA-2013:0645
reference_id RHSA-2013:0645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0645
59
reference_url https://access.redhat.com/errata/RHSA-2013:0649
reference_id RHSA-2013:0649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0649
60
reference_url https://access.redhat.com/errata/RHSA-2013:0749
reference_id RHSA-2013:0749
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0749
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.9
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ay9n-qxb3-qucj
1
vulnerability VCID-darq-bg13-x3fd
2
vulnerability VCID-u5sk-1a1u-zuex
3
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.9
1
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.6
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ay9n-qxb3-qucj
1
vulnerability VCID-darq-bg13-x3fd
2
vulnerability VCID-u5sk-1a1u-zuex
3
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.6
2
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ay9n-qxb3-qucj
1
vulnerability VCID-darq-bg13-x3fd
2
vulnerability VCID-u5sk-1a1u-zuex
3
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3
aliases CVE-2013-0239, GHSA-p5c5-6564-vvr8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akr4-z7v7-9qbc
1
url VCID-ay9n-qxb3-qucj
vulnerability_id VCID-ay9n-qxb3-qucj
summary The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3584.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3584.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3584
reference_id
reference_type
scores
0
value 0.05595
scoring_system epss
scoring_elements 0.90327
published_at 2026-04-18T12:55:00Z
1
value 0.05595
scoring_system epss
scoring_elements 0.90267
published_at 2026-04-01T12:55:00Z
2
value 0.05595
scoring_system epss
scoring_elements 0.9027
published_at 2026-04-02T12:55:00Z
3
value 0.05595
scoring_system epss
scoring_elements 0.90284
published_at 2026-04-04T12:55:00Z
4
value 0.05595
scoring_system epss
scoring_elements 0.90288
published_at 2026-04-07T12:55:00Z
5
value 0.05595
scoring_system epss
scoring_elements 0.90303
published_at 2026-04-08T12:55:00Z
6
value 0.05595
scoring_system epss
scoring_elements 0.9031
published_at 2026-04-09T12:55:00Z
7
value 0.05595
scoring_system epss
scoring_elements 0.90318
published_at 2026-04-11T12:55:00Z
8
value 0.05595
scoring_system epss
scoring_elements 0.90317
published_at 2026-04-12T12:55:00Z
9
value 0.05595
scoring_system epss
scoring_elements 0.90311
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3584
2
reference_url http://seclists.org/oss-sec/2014/q4/437
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q4/437
3
reference_url http://secunia.com/advisories/61909
reference_id
reference_type
scores
url http://secunia.com/advisories/61909
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/97753
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/97753
5
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
6
reference_url https://github.com/apache/cxf/commit/0b3894f57388b9955f2c33b2295223f2835cd7b3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/0b3894f57388b9955f2c33b2295223f2835cd7b3
7
reference_url https://github.com/apache/cxf/commit/47b127dbdb4a10d282be92f2ebbe646f8cf6b03e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/47b127dbdb4a10d282be92f2ebbe646f8cf6b03e
8
reference_url https://issues.apache.org/jira/browse/CXF-5390
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CXF-5390
9
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
21
reference_url http://www.securityfocus.com/bid/70738
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/70738
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1157330
reference_id 1157330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1157330
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:3.0.0:*:*:*:*:*:*:*
34
reference_url https://bugzilla.redhat.com/CVE-2014-3584
reference_id CVE-2014-3584
reference_type
scores
url https://bugzilla.redhat.com/CVE-2014-3584
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3584
reference_id CVE-2014-3584
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3584
36
reference_url http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc
reference_id CVE-2014-3584.TXT.ASC
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc
37
reference_url https://github.com/advisories/GHSA-gw5j-77f9-v2g2
reference_id GHSA-gw5j-77f9-v2g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gw5j-77f9-v2g2
38
reference_url https://access.redhat.com/errata/RHSA-2014:0400
reference_id RHSA-2014:0400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0400
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.11
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.11
1
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.8
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.8
2
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-sb6r-52yp-x7g5
2
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1
aliases CVE-2014-3584, GHSA-gw5j-77f9-v2g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ay9n-qxb3-qucj
2
url VCID-darq-bg13-x3fd
vulnerability_id VCID-darq-bg13-x3fd
summary 
Cross-site scripting in Apache CXF
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.
references
0
reference_url http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13954.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13954.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13954
reference_id
reference_type
scores
0
value 0.08411
scoring_system epss
scoring_elements 0.92333
published_at 2026-04-12T12:55:00Z
1
value 0.08411
scoring_system epss
scoring_elements 0.92331
published_at 2026-04-13T12:55:00Z
2
value 0.08411
scoring_system epss
scoring_elements 0.92326
published_at 2026-04-09T12:55:00Z
3
value 0.08411
scoring_system epss
scoring_elements 0.92321
published_at 2026-04-08T12:55:00Z
4
value 0.08411
scoring_system epss
scoring_elements 0.9231
published_at 2026-04-07T12:55:00Z
5
value 0.08411
scoring_system epss
scoring_elements 0.92307
published_at 2026-04-04T12:55:00Z
6
value 0.08411
scoring_system epss
scoring_elements 0.92301
published_at 2026-04-02T12:55:00Z
7
value 0.08411
scoring_system epss
scoring_elements 0.92294
published_at 2026-04-01T12:55:00Z
8
value 0.08411
scoring_system epss
scoring_elements 0.92343
published_at 2026-04-16T12:55:00Z
9
value 0.08411
scoring_system epss
scoring_elements 0.92342
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13954
3
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef@%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef@%3Cdev.syncope.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13954
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13954
12
reference_url https://security.netapp.com/advisory/ntap-20210513-0010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210513-0010
13
reference_url https://security.netapp.com/advisory/ntap-20210513-0010/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210513-0010/
14
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
15
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
16
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
17
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
18
reference_url http://www.openwall.com/lists/oss-security/2020/11/12/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/11/12/2
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1898235
reference_id 1898235
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1898235
20
reference_url https://github.com/advisories/GHSA-64x2-gq24-75pv
reference_id GHSA-64x2-gq24-75pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64x2-gq24-75pv
21
reference_url https://access.redhat.com/errata/RHSA-2021:3205
reference_id RHSA-2021:3205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3205
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.8
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.8
1
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.1
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.1
aliases CVE-2020-13954, GHSA-64x2-gq24-75pv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-darq-bg13-x3fd
3
url VCID-n7kg-dj54-qybc
vulnerability_id VCID-n7kg-dj54-qybc
summary 
Improper Input Validation
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
references
0
reference_url http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
reference_id
reference_type
scores
url http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
1
reference_url http://geronimo.apache.org/21x-security-report.html
reference_id
reference_type
scores
url http://geronimo.apache.org/21x-security-report.html
2
reference_url http://geronimo.apache.org/22x-security-report.html
reference_id
reference_type
scores
url http://geronimo.apache.org/22x-security-report.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2076.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2076.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-2076
reference_id
reference_type
scores
0
value 0.11954
scoring_system epss
scoring_elements 0.93719
published_at 2026-04-01T12:55:00Z
1
value 0.11954
scoring_system epss
scoring_elements 0.93786
published_at 2026-04-18T12:55:00Z
2
value 0.11954
scoring_system epss
scoring_elements 0.9378
published_at 2026-04-16T12:55:00Z
3
value 0.11954
scoring_system epss
scoring_elements 0.93758
published_at 2026-04-13T12:55:00Z
4
value 0.11954
scoring_system epss
scoring_elements 0.93753
published_at 2026-04-09T12:55:00Z
5
value 0.11954
scoring_system epss
scoring_elements 0.9375
published_at 2026-04-08T12:55:00Z
6
value 0.11954
scoring_system epss
scoring_elements 0.93741
published_at 2026-04-07T12:55:00Z
7
value 0.11954
scoring_system epss
scoring_elements 0.93739
published_at 2026-04-04T12:55:00Z
8
value 0.11954
scoring_system epss
scoring_elements 0.93728
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-2076
5
reference_url http://secunia.com/advisories/40969
reference_id
reference_type
scores
url http://secunia.com/advisories/40969
6
reference_url http://secunia.com/advisories/41016
reference_id
reference_type
scores
url http://secunia.com/advisories/41016
7
reference_url http://secunia.com/advisories/41025
reference_id
reference_type
scores
url http://secunia.com/advisories/41025
8
reference_url https://issues.apache.org/jira/browse/GERONIMO-5383
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/GERONIMO-5383
9
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
21
reference_url https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf
22
reference_url http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html
reference_id
reference_type
scores
url http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html
23
reference_url http://www.securityfocus.com/bid/42492
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/42492
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=855707
reference_id 855707
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=855707
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-2076
reference_id CVE-2010-2076
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-2076
27
reference_url http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf
reference_id CVE-2010-2076.PDF
reference_type
scores
url http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf
28
reference_url https://github.com/advisories/GHSA-v8q2-94f6-6xq2
reference_id GHSA-v8q2-94f6-6xq2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8q2-94f6-6xq2
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.1.10
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-akr4-z7v7-9qbc
1
vulnerability VCID-ay9n-qxb3-qucj
2
vulnerability VCID-darq-bg13-x3fd
3
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.1.10
1
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.2.9
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-akr4-z7v7-9qbc
1
vulnerability VCID-ay9n-qxb3-qucj
2
vulnerability VCID-darq-bg13-x3fd
3
vulnerability VCID-x3q1-vymh-jkew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.2.9
aliases CVE-2010-2076, GHSA-v8q2-94f6-6xq2
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7kg-dj54-qybc
4
url VCID-x3q1-vymh-jkew
vulnerability_id VCID-x3q1-vymh-jkew
summary 
Authorization service vulnerable to DDos attacks in Apache CFX
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22696
reference_id
reference_type
scores
0
value 0.01971
scoring_system epss
scoring_elements 0.83574
published_at 2026-04-18T12:55:00Z
1
value 0.01971
scoring_system epss
scoring_elements 0.83573
published_at 2026-04-16T12:55:00Z
2
value 0.01971
scoring_system epss
scoring_elements 0.83539
published_at 2026-04-13T12:55:00Z
3
value 0.01971
scoring_system epss
scoring_elements 0.83543
published_at 2026-04-12T12:55:00Z
4
value 0.01971
scoring_system epss
scoring_elements 0.83549
published_at 2026-04-11T12:55:00Z
5
value 0.01971
scoring_system epss
scoring_elements 0.83534
published_at 2026-04-09T12:55:00Z
6
value 0.01971
scoring_system epss
scoring_elements 0.83524
published_at 2026-04-08T12:55:00Z
7
value 0.01971
scoring_system epss
scoring_elements 0.835
published_at 2026-04-07T12:55:00Z
8
value 0.01971
scoring_system epss
scoring_elements 0.83501
published_at 2026-04-04T12:55:00Z
9
value 0.01971
scoring_system epss
scoring_elements 0.83486
published_at 2026-04-02T12:55:00Z
10
value 0.01971
scoring_system epss
scoring_elements 0.83474
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22696
2
reference_url https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
3
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
4
reference_url https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286
5
reference_url https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04
6
reference_url https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22696
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22696
12
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
13
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
14
reference_url http://www.openwall.com/lists/oss-security/2021/04/02/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/04/02/2
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1946341
reference_id 1946341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1946341
16
reference_url https://github.com/advisories/GHSA-7q4h-pj78-j7vg
reference_id GHSA-7q4h-pj78-j7vg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7q4h-pj78-j7vg
17
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
18
reference_url https://access.redhat.com/errata/RHSA-2022:7273
reference_id RHSA-2022:7273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7273
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.10
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.10
1
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.3
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.3
aliases CVE-2021-22696, GHSA-7q4h-pj78-j7vg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3q1-vymh-jkew
Fixing_vulnerabilities
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.1