Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@2.7-alpha0
purl pkg:maven/org.apache.cxf/cxf-rt-rs-security-xml@2.7-alpha0
Tags Ghost
Next non-vulnerable version 3.3.10
Latest non-vulnerable version 3.4.3
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-ay9n-qxb3-qucj
Aliases:
CVE-2014-3584
GHSA-gw5j-77f9-v2g2
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.
2.7.8
Affected by 2 other vulnerabilities.
3.0.0-milestone1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:46:54.549010+00:00 GitLab Importer Affected by VCID-ay9n-qxb3-qucj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-rs-security-xml/CVE-2014-3584.yml 38.0.0