{"url":"http://public2.vulnerablecode.io/api/packages/283976?format=json","purl":"pkg:rpm/redhat/picketbox@4.0.19-8.SP8_redhat_1.1.ep6?arch=el6","type":"rpm","namespace":"redhat","name":"picketbox","version":"4.0.19-8.SP8_redhat_1.1.ep6","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60349?format=json","vulnerability_id":"VCID-3pvj-mqqr-3yce","summary":"Uncontrolled Resource Consumption in Apache CXF\nApache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0109.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0109.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0109","reference_id":"","reference_type":"","scores":[{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90884","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0109"},{"reference_url":"https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/6dd839afbb4d834ed668738bd89e7775c1cf2f9d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/6dd839afbb4d834ed668738bd89e7775c1cf2f9d"},{"reference_url":"https://github.com/apache/cxf/commit/a5f907b1da89453919218ba0bf70be0d8b6810c5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/a5f907b1da89453919218ba0bf70be0d8b6810c5"},{"reference_url":"https://github.com/apache/cxf/commit/f8ed98e684c1a67a77ae8726db05a04a4978a445","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/cxf/commit/f8ed98e684c1a67a77ae8726db05a04a4978a445"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0109","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093526","reference_id":"1093526","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093526"},{"reference_url":"https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2","reference_id":"CVE-2014-0109.TXT.ASC?VERSION=1&MODIFICATIONDATE=1398873370740&API=V2","reference_type":"","scores":[],"url":"https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2"},{"reference_url":"https://github.com/advisories/GHSA-5wqf-h3r3-gxvh","reference_id":"GHSA-5wqf-h3r3-gxvh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5wqf-h3r3-gxvh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1351","reference_id":"RHSA-2014:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-0109","GHSA-5wqf-h3r3-gxvh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pvj-mqqr-3yce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62421?format=json","vulnerability_id":"VCID-4123-2dzq-dyh7","summary":"Uncontrolled Resource Consumption in Apache CXF\nApache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.","references":[{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0110.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0110","reference_id":"","reference_type":"","scores":[{"value":"0.06069","scoring_system":"epss","scoring_elements":"0.90884","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0110"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/35cd29270b77b489cb23552637d66d47ce480f4c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/35cd29270b77b489cb23552637d66d47ce480f4c"},{"reference_url":"https://github.com/apache/cxf/commit/643b1bc7320ca90c3e078e50509f9a30a0ab45be","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/643b1bc7320ca90c3e078e50509f9a30a0ab45be"},{"reference_url":"https://github.com/apache/cxf/commit/8f4799b5bc5ed0fe62d6e018c45d960e3652373e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/8f4799b5bc5ed0fe62d6e018c45d960e3652373e"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0110","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0110"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093527","reference_id":"1093527","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093527"},{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378628&api=v2","reference_id":"CVE-2014-0110.TXT.ASC?VERSION=1&MODIFICATIONDATE=1398873378628&API=V2","reference_type":"","scores":[],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378628&api=v2"},{"reference_url":"https://github.com/advisories/GHSA-5xf9-3v63-ww6f","reference_id":"GHSA-5xf9-3v63-ww6f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xf9-3v63-ww6f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1351","reference_id":"RHSA-2014:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-0110","GHSA-5xf9-3v63-ww6f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4123-2dzq-dyh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58042?format=json","vulnerability_id":"VCID-amp8-nnqc-mber","summary":"Cleartext Transmission of Sensitive Information in Apache CXF\nThe SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.","references":[{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0035.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0035","reference_id":"","reference_type":"","scores":[{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.7673","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0035"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/2d2fd1bf67dc2247b6aca31b83a571d865fad1c9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/2d2fd1bf67dc2247b6aca31b83a571d865fad1c9"},{"reference_url":"https://github.com/apache/cxf/commit/5df3f72f1a26b7c9ac2888ab65e41f4105706580","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/cxf/commit/5df3f72f1a26b7c9ac2888ab65e41f4105706580"},{"reference_url":"https://github.com/apache/cxf/commit/d249721708694cbb0f431c0658166ebdcb02ec15","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/d249721708694cbb0f431c0658166ebdcb02ec15"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0035","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0035"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1564724","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1564724"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093530","reference_id":"1093530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093530"},{"reference_url":"https://github.com/advisories/GHSA-v45r-rj5x-hpg2","reference_id":"GHSA-v45r-rj5x-hpg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v45r-rj5x-hpg2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1351","reference_id":"RHSA-2014:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-0035","GHSA-v45r-rj5x-hpg2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amp8-nnqc-mber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68694?format=json","vulnerability_id":"VCID-u7ar-abqm-hya4","summary":"JAX-RS: Information disclosure via XML eXternal Entity (XXE)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3481.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3481.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3481","reference_id":"","reference_type":"","scores":[{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78261","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3481"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1105242","reference_id":"1105242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1105242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0895","reference_id":"RHSA-2014:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1904","reference_id":"RHSA-2014:1904","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0720","reference_id":"RHSA-2015:0720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0765","reference_id":"RHSA-2015:0765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-3481"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7ar-abqm-hya4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61269?format=json","vulnerability_id":"VCID-v5uc-g2q5-rkdb","summary":"Improper Input Validation in Apache CXF\nThe SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.","references":[{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0797.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0798.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0799.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1351.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0034.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0034.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0034","reference_id":"","reference_type":"","scores":[{"value":"0.01861","scoring_system":"epss","scoring_elements":"0.83378","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0034"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/b4b9a010bb23059251400455afabddee15b46127","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/b4b9a010bb23059251400455afabddee15b46127"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0034","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0034"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1551228","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1551228"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093529","reference_id":"1093529","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093529"},{"reference_url":"https://github.com/advisories/GHSA-38x2-fp9m-87mx","reference_id":"GHSA-38x2-fp9m-87mx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38x2-fp9m-87mx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0797","reference_id":"RHSA-2014:0797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0798","reference_id":"RHSA-2014:0798","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0799","reference_id":"RHSA-2014:0799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1351","reference_id":"RHSA-2014:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[],"aliases":["CVE-2014-0034","GHSA-38x2-fp9m-87mx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5uc-g2q5-rkdb"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketbox@4.0.19-8.SP8_redhat_1.1.ep6%3Farch=el6"}