Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.0
Typemaven
Namespaceorg.apache.cxf
Namecxf-rt-frontend-jaxrs
Version2.7.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.7.3
Latest_non_vulnerable_version3.2.1
Affected_by_vulnerabilities
0
url VCID-bc6q-5xj6-8bcp
vulnerability_id VCID-bc6q-5xj6-8bcp
summary 
Denial of Service (DoS) via invalid JAX-RS SAML tokens
The `SamlHeaderInHandler` in this package allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.
references
0
reference_url http://seclists.org/oss-sec/2014/q4/437
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2014/q4/437
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/97753
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/97753
2
reference_url https://issues.apache.org/jira/browse/CXF-5390
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/CXF-5390
3
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
9
reference_url https://bugzilla.redhat.com/CVE-2014-3584
reference_id CVE-2014-3584
reference_type
scores
url https://bugzilla.redhat.com/CVE-2014-3584
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3584
reference_id CVE-2014-3584
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-3584
11
reference_url http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc
reference_id CVE-2014-3584.TXT.ASC
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc
12
reference_url https://github.com/advisories/GHSA-gw5j-77f9-v2g2
reference_id GHSA-gw5j-77f9-v2g2
reference_type
scores
url https://github.com/advisories/GHSA-gw5j-77f9-v2g2
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.8
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.8
1
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1
aliases CVE-2014-3584, GHSA-gw5j-77f9-v2g2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bc6q-5xj6-8bcp
1
url VCID-cppb-xhj5-a7ep
vulnerability_id VCID-cppb-xhj5-a7ep
summary 
UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate
When the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
references
0
reference_url http://osvdb.org/90078
reference_id
reference_type
scores
url http://osvdb.org/90078
1
reference_url http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0749.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0749.html
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239
4
reference_url http://seclists.org/fulldisclosure/2013/Feb/39
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2013/Feb/39
5
reference_url http://secunia.com/advisories/51988
reference_id
reference_type
scores
url http://secunia.com/advisories/51988
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/81981
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/81981
7
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
13
reference_url http://svn.apache.org/viewvc?view=revision&revision=1438424
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1438424
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0239
reference_id CVE-2013-0239
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-0239
15
reference_url http://cxf.apache.org/cve-2013-0239.html
reference_id CVE-2013-0239.HTML
reference_type
scores
url http://cxf.apache.org/cve-2013-0239.html
16
reference_url https://github.com/advisories/GHSA-p5c5-6564-vvr8
reference_id GHSA-p5c5-6564-vvr8
reference_type
scores
url https://github.com/advisories/GHSA-p5c5-6564-vvr8
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3
aliases CVE-2013-0239, GHSA-p5c5-6564-vvr8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cppb-xhj5-a7ep
2
url VCID-py4t-2k9m-1ff5
vulnerability_id VCID-py4t-2k9m-1ff5
summary 
Denial of Service Attacks on Apache CXF
The streaming XML parser in this package remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of elements, attributes, nested constructs, and possibly other vectors.
references
0
reference_url http://jira.codehaus.org/browse/WSTX-285
reference_id
reference_type
scores
url http://jira.codehaus.org/browse/WSTX-285
1
reference_url http://jira.codehaus.org/browse/WSTX-287
reference_id
reference_type
scores
url http://jira.codehaus.org/browse/WSTX-287
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-1028.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-1028.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1437.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-1437.html
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=929197
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=929197
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2160
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2160
6
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2160
reference_id CVE-2013-2160
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-2160
13
reference_url http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
reference_id CVE-2013-2160.TXT.ASC
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
14
reference_url https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
reference_id CVE-2013-2160.TXT.ASC
reference_type
scores
url https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
15
reference_url https://github.com/advisories/GHSA-254q-rp36-v2m8
reference_id GHSA-254q-rp36-v2m8
reference_type
scores
url https://github.com/advisories/GHSA-254q-rp36-v2m8
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.4
purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.4
aliases CVE-2013-2160, GHSA-254q-rp36-v2m8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-py4t-2k9m-1ff5
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.0