{"url":"http://public2.vulnerablecode.io/api/packages/122355?format=json","purl":"pkg:rpm/redhat/jboss-as-osgi-configadmin@7.3.4-1.Final_redhat_1.1.ep6?arch=el5","type":"rpm","namespace":"redhat","name":"jboss-as-osgi-configadmin","version":"7.3.4-1.Final_redhat_1.1.ep6","qualifiers":{"arch":"el5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5045?format=json","vulnerability_id":"VCID-7ghg-a6dy-tkb2","summary":"The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0034.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0034.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0034","reference_id":"","reference_type":"","scores":[{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83056","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83062","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83046","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83017","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.8313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83116","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83093","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.8309","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83051","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83014","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.82987","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83039","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83003","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0034"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/b4b9a010bb23059251400455afabddee15b46127","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/b4b9a010bb23059251400455afabddee15b46127"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1551228","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1551228"},{"reference_url":"http://www.securityfocus.com/bid/68441","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/68441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093529","reference_id":"1093529","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093529"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0034","reference_id":"CVE-2014-0034","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0034"},{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc","reference_id":"CVE-2014-0034.TXT.ASC","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-38x2-fp9m-87mx","reference_id":"GHSA-38x2-fp9m-87mx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38x2-fp9m-87mx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1351","reference_id":"RHSA-2014:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-0034","GHSA-38x2-fp9m-87mx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ghg-a6dy-tkb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5019?format=json","vulnerability_id":"VCID-gbpn-pskk-qbae","summary":"Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0109.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0109.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0109","reference_id":"","reference_type":"","scores":[{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90769","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.9077","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90773","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90758","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.9075","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90744","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90775","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90781","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90722","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90733","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90706","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0109"},{"reference_url":"https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/6dd839afbb4d834ed668738bd89e7775c1cf2f9d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/6dd839afbb4d834ed668738bd89e7775c1cf2f9d"},{"reference_url":"https://github.com/apache/cxf/commit/a5f907b1da89453919218ba0bf70be0d8b6810c5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/a5f907b1da89453919218ba0bf70be0d8b6810c5"},{"reference_url":"https://github.com/apache/cxf/commit/f8ed98e684c1a67a77ae8726db05a04a4978a445","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/cxf/commit/f8ed98e684c1a67a77ae8726db05a04a4978a445"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093526","reference_id":"1093526","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0109","reference_id":"CVE-2014-0109","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0109"},{"reference_url":"https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2","reference_id":"CVE-2014-0109.TXT.ASC?VERSION=1&MODIFICATIONDATE=1398873370740&API=V2","reference_type":"","scores":[],"url":"https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2"},{"reference_url":"https://github.com/advisories/GHSA-5wqf-h3r3-gxvh","reference_id":"GHSA-5wqf-h3r3-gxvh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5wqf-h3r3-gxvh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1351","reference_id":"RHSA-2014:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-0109","GHSA-5wqf-h3r3-gxvh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbpn-pskk-qbae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5016?format=json","vulnerability_id":"VCID-m18p-dpdb-skf7","summary":"The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0035.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0035","reference_id":"","reference_type":"","scores":[{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76431","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76436","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76458","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76432","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76404","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76514","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76501","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76495","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76461","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76476","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76471","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76386","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76371","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76419","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76375","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0035"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/2d2fd1bf67dc2247b6aca31b83a571d865fad1c9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/2d2fd1bf67dc2247b6aca31b83a571d865fad1c9"},{"reference_url":"https://github.com/apache/cxf/commit/5df3f72f1a26b7c9ac2888ab65e41f4105706580","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/cxf/commit/5df3f72f1a26b7c9ac2888ab65e41f4105706580"},{"reference_url":"https://github.com/apache/cxf/commit/d249721708694cbb0f431c0658166ebdcb02ec15","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/d249721708694cbb0f431c0658166ebdcb02ec15"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1564724","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1564724"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093530","reference_id":"1093530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093530"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0035","reference_id":"CVE-2014-0035","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0035"},{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc","reference_id":"CVE-2014-0035.TXT.ASC","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-v45r-rj5x-hpg2","reference_id":"GHSA-v45r-rj5x-hpg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v45r-rj5x-hpg2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1351","reference_id":"RHSA-2014:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-0035","GHSA-v45r-rj5x-hpg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m18p-dpdb-skf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4987?format=json","vulnerability_id":"VCID-qsde-tz92-xqge","summary":"Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.","references":[{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0110.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0110","reference_id":"","reference_type":"","scores":[{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90775","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90706","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90722","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90733","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90744","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.9075","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90758","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90773","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.9077","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90769","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90781","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0110"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/35cd29270b77b489cb23552637d66d47ce480f4c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/35cd29270b77b489cb23552637d66d47ce480f4c"},{"reference_url":"https://github.com/apache/cxf/commit/643b1bc7320ca90c3e078e50509f9a30a0ab45be","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/643b1bc7320ca90c3e078e50509f9a30a0ab45be"},{"reference_url":"https://github.com/apache/cxf/commit/8f4799b5bc5ed0fe62d6e018c45d960e3652373e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/8f4799b5bc5ed0fe62d6e018c45d960e3652373e"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093527","reference_id":"1093527","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093527"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0110","reference_id":"CVE-2014-0110","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0110"},{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378628&api=v2","reference_id":"CVE-2014-0110.TXT.ASC?VERSION=1&MODIFICATIONDATE=1398873378628&API=V2","reference_type":"","scores":[],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378628&api=v2"},{"reference_url":"https://github.com/advisories/GHSA-5xf9-3v63-ww6f","reference_id":"GHSA-5xf9-3v63-ww6f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xf9-3v63-ww6f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1351","reference_id":"RHSA-2014:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-0110","GHSA-5xf9-3v63-ww6f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsde-tz92-xqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86264?format=json","vulnerability_id":"VCID-wv41-f9qq-xfgs","summary":"JAX-RS: Information disclosure via XML eXternal Entity (XXE)","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3481.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3481.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3481","reference_id":"","reference_type":"","scores":[{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78049","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77911","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77918","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77945","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77928","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77955","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77959","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77986","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.7797","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77968","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78004","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78003","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77996","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78029","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78036","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3481"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94939","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/94939"},{"reference_url":"http://www.securitytracker.com/id/1032017","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1032017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1105242","reference_id":"1105242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1105242"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3481","reference_id":"CVE-2014-3481","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1904","reference_id":"RHSA-2014:1904","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-3481"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv41-f9qq-xfgs"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jboss-as-osgi-configadmin@7.3.4-1.Final_redhat_1.1.ep6%3Farch=el5"}