VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://cxf.apache.org/cve-2013-0239.html
generic_textual	MODERATE	http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2013-0749.html
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss	0.02653	https://api.first.org/data/v1/epss?cve=CVE-2013-0239
generic_textual	MODERATE	http://seclists.org/fulldisclosure/2013/Feb/39
generic_textual	MODERATE	https://exchange.xforce.ibmcloud.com/vulnerabilities/81981
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-p5c5-6564-vvr8
generic_textual	MODERATE	https://github.com/apache/cxf
generic_textual	MODERATE	https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421
generic_textual	MODERATE	https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2013-0239
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2013-0239
generic_textual	MODERATE	http://svn.apache.org/viewvc?view=revision&revision=1438424
generic_textual	MODERATE	https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876

System

Score

Found at

generic_textual

MODERATE

http://cxf.apache.org/cve-2013-0239.html

generic_textual

MODERATE

http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html

generic_textual

MODERATE

http://rhn.redhat.com/errata/RHSA-2013-0749.html

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

epss

0.02653

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

generic_textual

MODERATE

http://seclists.org/fulldisclosure/2013/Feb/39

generic_textual

MODERATE

https://exchange.xforce.ibmcloud.com/vulnerabilities/81981

cvssv3.1_qr

MODERATE

https://github.com/advisories/GHSA-p5c5-6564-vvr8

generic_textual

MODERATE

https://github.com/apache/cxf

generic_textual

MODERATE

https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421

generic_textual

MODERATE

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

generic_textual

MODERATE

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

cvssv2

5.0

https://nvd.nist.gov/vuln/detail/CVE-2013-0239

generic_textual

MODERATE

https://nvd.nist.gov/vuln/detail/CVE-2013-0239

generic_textual

MODERATE

http://svn.apache.org/viewvc?view=revision&revision=1438424

generic_textual

MODERATE

https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876

Reference id	Reference type	URL
		http://osvdb.org/90078
		http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html
		http://rhn.redhat.com/errata/RHSA-2013-0749.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0239.json
		https://api.first.org/data/v1/epss?cve=CVE-2013-0239
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239
		http://seclists.org/fulldisclosure/2013/Feb/39
		http://secunia.com/advisories/51988
		https://exchange.xforce.ibmcloud.com/vulnerabilities/81981
		https://github.com/apache/cxf
		https://github.com/apache/cxf/commit/295a4e2f9eb3e7e0513980202949ccc424dee2d4
		https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421
		https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
		https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
		http://svn.apache.org/viewvc?view=revision&revision=1438424
		https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876
		http://www.securityfocus.com/bid/57876
905722		https://bugzilla.redhat.com/show_bug.cgi?id=905722
cpe:2.3:a:apache:cxf::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf::::::::
cpe:2.3:a:apache:cxf:2.4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.0:::::::*
cpe:2.3:a:apache:cxf:2.4.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.1:::::::*
cpe:2.3:a:apache:cxf:2.4.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.2:::::::*
cpe:2.3:a:apache:cxf:2.4.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.3:::::::*
cpe:2.3:a:apache:cxf:2.4.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.4:::::::*
cpe:2.3:a:apache:cxf:2.4.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.5:::::::*
cpe:2.3:a:apache:cxf:2.4.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.6:::::::*
cpe:2.3:a:apache:cxf:2.4.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.7:::::::*
cpe:2.3:a:apache:cxf:2.5.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:::::::*
cpe:2.3:a:apache:cxf:2.5.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:::::::*
cpe:2.3:a:apache:cxf:2.5.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:::::::*
cpe:2.3:a:apache:cxf:2.5.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:::::::*
cpe:2.3:a:apache:cxf:2.5.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.4:::::::*
cpe:2.3:a:apache:cxf:2.5.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.5:::::::*
cpe:2.3:a:apache:cxf:2.5.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.6:::::::*
cpe:2.3:a:apache:cxf:2.5.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.7:::::::*
cpe:2.3:a:apache:cxf:2.6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:::::::*
cpe:2.3:a:apache:cxf:2.6.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:::::::*
cpe:2.3:a:apache:cxf:2.6.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:::::::*
cpe:2.3:a:apache:cxf:2.6.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:::::::*
cpe:2.3:a:apache:cxf:2.6.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:::::::*
cpe:2.3:a:apache:cxf:2.6.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:::::::*
cpe:2.3:a:apache:cxf:2.7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:::::::*
cpe:2.3:a:apache:cxf:2.7.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:::::::*
cpe:2.3:a:apache:cxf:2.7.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:::::::*
CVE-2013-0239		https://nvd.nist.gov/vuln/detail/CVE-2013-0239
CVE-2013-0239.HTML		http://cxf.apache.org/cve-2013-0239.html
GHSA-p5c5-6564-vvr8		https://github.com/advisories/GHSA-p5c5-6564-vvr8
RHSA-2013:0644		https://access.redhat.com/errata/RHSA-2013:0644
RHSA-2013:0645		https://access.redhat.com/errata/RHSA-2013:0645
RHSA-2013:0649		https://access.redhat.com/errata/RHSA-2013:0649
RHSA-2013:0749		https://access.redhat.com/errata/RHSA-2013:0749

Reference id

Reference type

URL

http://osvdb.org/90078

http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html

http://rhn.redhat.com/errata/RHSA-2013-0749.html

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0239.json

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239

http://seclists.org/fulldisclosure/2013/Feb/39

http://secunia.com/advisories/51988

https://exchange.xforce.ibmcloud.com/vulnerabilities/81981

https://github.com/apache/cxf

https://github.com/apache/cxf/commit/295a4e2f9eb3e7e0513980202949ccc424dee2d4

https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

http://svn.apache.org/viewvc?view=revision&revision=1438424

https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876

http://www.securityfocus.com/bid/57876

905722

https://bugzilla.redhat.com/show_bug.cgi?id=905722

cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*

CVE-2013-0239

https://nvd.nist.gov/vuln/detail/CVE-2013-0239

CVE-2013-0239.HTML

http://cxf.apache.org/cve-2013-0239.html

GHSA-p5c5-6564-vvr8

https://github.com/advisories/GHSA-p5c5-6564-vvr8

RHSA-2013:0644

https://access.redhat.com/errata/RHSA-2013:0644

RHSA-2013:0645

https://access.redhat.com/errata/RHSA-2013:0645

RHSA-2013:0649

https://access.redhat.com/errata/RHSA-2013:0649

RHSA-2013:0749

https://access.redhat.com/errata/RHSA-2013:0749

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:38:25.806678+00:00	ProjectKB MSRImporter	Import	https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv	38.0.0

2026-04-01T12:38:25.806678+00:00

ProjectKB MSRImporter

Import

https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv

38.0.0

Vulnerability ID	VCID-akr4-z7v7-9qbc
Aliases	CVE-2013-0239 GHSA-p5c5-6564-vvr8
Summary	Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-287	Improper Authentication
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Percentile	0.85689
EPSS Score	0.02653
Published At	April 1, 2026, 12:55 p.m.