Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.cxf/cxf@2.5.3
Typemaven
Namespaceorg.apache.cxf
Namecxf
Version2.5.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.4.10
Latest_non_vulnerable_version3.5.5
Affected_by_vulnerabilities
0
url VCID-669s-jgrm-efgg
vulnerability_id VCID-669s-jgrm-efgg
summary It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.
references
0
reference_url http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2
reference_id
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2
1
reference_url https://access.redhat.com/errata/RHSA-2018:2276
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2276
2
reference_url https://access.redhat.com/errata/RHSA-2018:2277
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2277
3
reference_url https://access.redhat.com/errata/RHSA-2018:2279
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2279
4
reference_url https://access.redhat.com/errata/RHSA-2018:2423
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2423
5
reference_url https://access.redhat.com/errata/RHSA-2018:2424
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2424
6
reference_url https://access.redhat.com/errata/RHSA-2018:2425
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2425
7
reference_url https://access.redhat.com/errata/RHSA-2018:2428
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2428
8
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
9
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
10
reference_url https://access.redhat.com/errata/RHSA-2018:3817
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3817
11
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8039.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8039.json
12
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8039
reference_id
reference_type
scores
0
value 0.02899
scoring_system epss
scoring_elements 0.86295
published_at 2026-04-02T12:55:00Z
1
value 0.02899
scoring_system epss
scoring_elements 0.86313
published_at 2026-04-04T12:55:00Z
2
value 0.02899
scoring_system epss
scoring_elements 0.86315
published_at 2026-04-07T12:55:00Z
3
value 0.02899
scoring_system epss
scoring_elements 0.86342
published_at 2026-04-09T12:55:00Z
4
value 0.02899
scoring_system epss
scoring_elements 0.86333
published_at 2026-04-08T12:55:00Z
5
value 0.02899
scoring_system epss
scoring_elements 0.86286
published_at 2026-04-01T12:55:00Z
6
value 0.02899
scoring_system epss
scoring_elements 0.86355
published_at 2026-04-12T12:55:00Z
7
value 0.02899
scoring_system epss
scoring_elements 0.8635
published_at 2026-04-13T12:55:00Z
8
value 0.02899
scoring_system epss
scoring_elements 0.86357
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8039
13
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
14
reference_url https://github.com/apache/cxf/commit/8ed6208f987ff72e4c4d2cf8a6b1ec9b27575d4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/8ed6208f987ff72e4c4d2cf8a6b1ec9b27575d4
15
reference_url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741
reference_id
reference_type
scores
url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741
16
reference_url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b
17
reference_url https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866%40%3Cdev.cxf.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
31
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
32
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
33
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
34
reference_url http://www.securityfocus.com/bid/106357
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106357
35
reference_url http://www.securitytracker.com/id/1041199
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041199
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1595332
reference_id 1595332
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1595332
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8039
reference_id CVE-2018-8039
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8039
40
reference_url https://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc
reference_id CVE-2018-8039.TXT.ASC
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc
41
reference_url https://github.com/advisories/GHSA-jc7r-v6fg-2gpf
reference_id GHSA-jc7r-v6fg-2gpf
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jc7r-v6fg-2gpf
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.1.16
purl pkg:maven/org.apache.cxf/cxf@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d68d-u8dc-r3be
1
vulnerability VCID-darq-bg13-x3fd
2
vulnerability VCID-edja-kj1j-7kh5
3
vulnerability VCID-fekg-fn5e-augk
4
vulnerability VCID-puuh-m697-eqbf
5
vulnerability VCID-wkt1-qfpk-ybg4
6
vulnerability VCID-x3q1-vymh-jkew
7
vulnerability VCID-xzs8-rbhd-mkbp
8
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.1.16
1
url pkg:maven/org.apache.cxf/cxf@3.2.5
purl pkg:maven/org.apache.cxf/cxf@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d68d-u8dc-r3be
1
vulnerability VCID-darq-bg13-x3fd
2
vulnerability VCID-edja-kj1j-7kh5
3
vulnerability VCID-fekg-fn5e-augk
4
vulnerability VCID-puuh-m697-eqbf
5
vulnerability VCID-wkt1-qfpk-ybg4
6
vulnerability VCID-x3q1-vymh-jkew
7
vulnerability VCID-xzs8-rbhd-mkbp
8
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.2.5
aliases CVE-2018-8039, GHSA-jc7r-v6fg-2gpf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-669s-jgrm-efgg
1
url VCID-6dpm-n1kk-5fer
vulnerability_id VCID-6dpm-n1kk-5fer
summary The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
references
0
reference_url http://osvdb.org/90079
reference_id
reference_type
scores
url http://osvdb.org/90079
1
reference_url http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0256.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0256.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0257.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0257.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0258.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0258.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0259.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0259.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2013-0726.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0726.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2013-0743.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0743.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2013-0749.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0749.html
9
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5633.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5633.json
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5633
reference_id
reference_type
scores
0
value 0.01785
scoring_system epss
scoring_elements 0.82664
published_at 2026-04-01T12:55:00Z
1
value 0.01785
scoring_system epss
scoring_elements 0.82734
published_at 2026-04-12T12:55:00Z
2
value 0.01785
scoring_system epss
scoring_elements 0.8274
published_at 2026-04-11T12:55:00Z
3
value 0.01785
scoring_system epss
scoring_elements 0.82723
published_at 2026-04-09T12:55:00Z
4
value 0.01785
scoring_system epss
scoring_elements 0.82716
published_at 2026-04-08T12:55:00Z
5
value 0.01785
scoring_system epss
scoring_elements 0.8269
published_at 2026-04-07T12:55:00Z
6
value 0.01785
scoring_system epss
scoring_elements 0.82694
published_at 2026-04-04T12:55:00Z
7
value 0.01785
scoring_system epss
scoring_elements 0.8268
published_at 2026-04-02T12:55:00Z
8
value 0.01785
scoring_system epss
scoring_elements 0.82731
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5633
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5633
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5633
12
reference_url http://seclists.org/fulldisclosure/2013/Feb/39
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2013/Feb/39
13
reference_url http://secunia.com/advisories/51988
reference_id
reference_type
scores
url http://secunia.com/advisories/51988
14
reference_url http://secunia.com/advisories/52183
reference_id
reference_type
scores
url http://secunia.com/advisories/52183
15
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/81980
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/81980
16
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
17
reference_url https://github.com/apache/cxf/commit/0cbc56618b6048847debe670d54919e227744401
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/0cbc56618b6048847debe670d54919e227744401
18
reference_url https://github.com/apache/cxf/commit/1a6b532d53a7b98018871982049e4b0c80dc837c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/1a6b532d53a7b98018871982049e4b0c80dc837c
19
reference_url https://github.com/apache/cxf/commit/94a98b3fe9c79e2cf3941acbbad216ba54999bc0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/94a98b3fe9c79e2cf3941acbbad216ba54999bc0
20
reference_url https://github.com/apache/cxf/commit/d99f96aa970d9f2faa8ed45e278a403af48757ae
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/d99f96aa970d9f2faa8ed45e278a403af48757ae
21
reference_url https://github.com/apache/cxf/commit/db11c9115f31e171de4622149f157d8283f6c720
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/db11c9115f31e171de4622149f157d8283f6c720
22
reference_url https://github.com/apache/cxf/commit/e0cdf873942b4d3fbc253e8ce6bb6fce3898019d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/e0cdf873942b4d3fbc253e8ce6bb6fce3898019d
23
reference_url https://github.com/apache/cxf/commit/e733c692e933a7f82424d3744aace9304cd5d4f6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/e733c692e933a7f82424d3744aace9304cd5d4f6
24
reference_url https://issues.apache.org/jira/browse/CXF-4629
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CXF-4629
25
reference_url https://issues.jboss.org/browse/JBWS-3575
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/JBWS-3575
26
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
38
reference_url http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests
39
reference_url http://svn.apache.org/viewvc?view=revision&revision=1409324
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1409324
40
reference_url http://svn.apache.org/viewvc?view=revision&revision=1420698
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1420698
41
reference_url https://web.archive.org/web/20130216044418/http://www.securityfocus.com:80/bid/57874
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130216044418/http://www.securityfocus.com:80/bid/57874
42
reference_url http://www.securityfocus.com/bid/57874
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/57874
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=889008
reference_id 889008
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=889008
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5633
reference_id CVE-2012-5633
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-5633
60
reference_url http://cxf.apache.org/cve-2012-5633.html
reference_id CVE-2012-5633.HTML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/cve-2012-5633.html
61
reference_url https://github.com/advisories/GHSA-xf9f-32gh-h2w4
reference_id GHSA-xf9f-32gh-h2w4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xf9f-32gh-h2w4
62
reference_url https://access.redhat.com/errata/RHSA-2013:0256
reference_id RHSA-2013:0256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0256
63
reference_url https://access.redhat.com/errata/RHSA-2013:0257
reference_id RHSA-2013:0257
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0257
64
reference_url https://access.redhat.com/errata/RHSA-2013:0258
reference_id RHSA-2013:0258
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0258
65
reference_url https://access.redhat.com/errata/RHSA-2013:0259
reference_id RHSA-2013:0259
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0259
66
reference_url https://access.redhat.com/errata/RHSA-2013:0644
reference_id RHSA-2013:0644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0644
67
reference_url https://access.redhat.com/errata/RHSA-2013:0645
reference_id RHSA-2013:0645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0645
68
reference_url https://access.redhat.com/errata/RHSA-2013:0649
reference_id RHSA-2013:0649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0649
69
reference_url https://access.redhat.com/errata/RHSA-2013:0726
reference_id RHSA-2013:0726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0726
70
reference_url https://access.redhat.com/errata/RHSA-2013:0743
reference_id RHSA-2013:0743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0743
71
reference_url https://access.redhat.com/errata/RHSA-2013:0749
reference_id RHSA-2013:0749
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0749
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@2.5.8
purl pkg:maven/org.apache.cxf/cxf@2.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-d68d-u8dc-r3be
2
vulnerability VCID-darq-bg13-x3fd
3
vulnerability VCID-edja-kj1j-7kh5
4
vulnerability VCID-fekg-fn5e-augk
5
vulnerability VCID-puuh-m697-eqbf
6
vulnerability VCID-wkt1-qfpk-ybg4
7
vulnerability VCID-x3q1-vymh-jkew
8
vulnerability VCID-xzs8-rbhd-mkbp
9
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.5.8
1
url pkg:maven/org.apache.cxf/cxf@2.6.5
purl pkg:maven/org.apache.cxf/cxf@2.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-d68d-u8dc-r3be
2
vulnerability VCID-darq-bg13-x3fd
3
vulnerability VCID-edja-kj1j-7kh5
4
vulnerability VCID-fekg-fn5e-augk
5
vulnerability VCID-puuh-m697-eqbf
6
vulnerability VCID-wkt1-qfpk-ybg4
7
vulnerability VCID-x3q1-vymh-jkew
8
vulnerability VCID-xzs8-rbhd-mkbp
9
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.6.5
2
url pkg:maven/org.apache.cxf/cxf@2.7.2
purl pkg:maven/org.apache.cxf/cxf@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-d68d-u8dc-r3be
2
vulnerability VCID-darq-bg13-x3fd
3
vulnerability VCID-edja-kj1j-7kh5
4
vulnerability VCID-fekg-fn5e-augk
5
vulnerability VCID-puuh-m697-eqbf
6
vulnerability VCID-wkt1-qfpk-ybg4
7
vulnerability VCID-x3q1-vymh-jkew
8
vulnerability VCID-xzs8-rbhd-mkbp
9
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.7.2
aliases CVE-2012-5633, GHSA-xf9f-32gh-h2w4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6dpm-n1kk-5fer
2
url VCID-b91g-m3nt-1bgq
vulnerability_id VCID-b91g-m3nt-1bgq
summary Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2012-1559.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-1559.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2012-1573.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-1573.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2012-1591.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-1591.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2012-1592.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-1592.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2012-1593.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-1593.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2012-1594.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-1594.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2013-0191.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0191.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2013-0192.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0192.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2013-0193.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0193.html
9
reference_url http://rhn.redhat.com/errata/RHSA-2013-0194.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0194.html
10
reference_url http://rhn.redhat.com/errata/RHSA-2013-0195.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0195.html
11
reference_url http://rhn.redhat.com/errata/RHSA-2013-0196.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0196.html
12
reference_url http://rhn.redhat.com/errata/RHSA-2013-0197.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0197.html
13
reference_url http://rhn.redhat.com/errata/RHSA-2013-0198.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0198.html
14
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2379.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2379.json
15
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2379
reference_id
reference_type
scores
0
value 0.03752
scoring_system epss
scoring_elements 0.87972
published_at 2026-04-01T12:55:00Z
1
value 0.03752
scoring_system epss
scoring_elements 0.88031
published_at 2026-04-13T12:55:00Z
2
value 0.03752
scoring_system epss
scoring_elements 0.88038
published_at 2026-04-11T12:55:00Z
3
value 0.03752
scoring_system epss
scoring_elements 0.88028
published_at 2026-04-09T12:55:00Z
4
value 0.03752
scoring_system epss
scoring_elements 0.88021
published_at 2026-04-08T12:55:00Z
5
value 0.03752
scoring_system epss
scoring_elements 0.88001
published_at 2026-04-07T12:55:00Z
6
value 0.03752
scoring_system epss
scoring_elements 0.87996
published_at 2026-04-04T12:55:00Z
7
value 0.03752
scoring_system epss
scoring_elements 0.87982
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2379
16
reference_url https://cxf.apache.org/cve-2012-2379.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cxf.apache.org/cve-2012-2379.html
17
reference_url http://secunia.com/advisories/51607
reference_id
reference_type
scores
url http://secunia.com/advisories/51607
18
reference_url http://secunia.com/advisories/51984
reference_id
reference_type
scores
url http://secunia.com/advisories/51984
19
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
20
reference_url https://github.com/apache/cxf/commit/440528d928be1e2030e7227b958c9c072847d9b2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/440528d928be1e2030e7227b958c9c072847d9b2
21
reference_url https://github.com/apache/cxf/commit/4500bf901cb2a7312291b6663045f28a95d2a0c4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/4500bf901cb2a7312291b6663045f28a95d2a0c4
22
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
34
reference_url https://svn.apache.org/viewvc?view=revision&revision=1338219
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://svn.apache.org/viewvc?view=revision&revision=1338219
35
reference_url http://svn.apache.org/viewvc?view=revision&revision=1338219
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=1338219
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=826534
reference_id 826534
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=826534
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2379
reference_id CVE-2012-2379
reference_type
scores
0
value 10.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:C/I:C/A:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2379
51
reference_url http://cxf.apache.org/cve-2012-2379.html
reference_id CVE-2012-2379.HTML
reference_type
scores
url http://cxf.apache.org/cve-2012-2379.html
52
reference_url https://github.com/advisories/GHSA-2g99-c67p-56hm
reference_id GHSA-2g99-c67p-56hm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2g99-c67p-56hm
53
reference_url https://access.redhat.com/errata/RHSA-2012:1559
reference_id RHSA-2012:1559
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1559
54
reference_url https://access.redhat.com/errata/RHSA-2012:1573
reference_id RHSA-2012:1573
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1573
55
reference_url https://access.redhat.com/errata/RHSA-2012:1591
reference_id RHSA-2012:1591
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1591
56
reference_url https://access.redhat.com/errata/RHSA-2012:1592
reference_id RHSA-2012:1592
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1592
57
reference_url https://access.redhat.com/errata/RHSA-2012:1593
reference_id RHSA-2012:1593
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1593
58
reference_url https://access.redhat.com/errata/RHSA-2012:1594
reference_id RHSA-2012:1594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1594
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@2.5.4
purl pkg:maven/org.apache.cxf/cxf@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-6dpm-n1kk-5fer
2
vulnerability VCID-d68d-u8dc-r3be
3
vulnerability VCID-darq-bg13-x3fd
4
vulnerability VCID-edja-kj1j-7kh5
5
vulnerability VCID-fekg-fn5e-augk
6
vulnerability VCID-n8bd-use6-pbb2
7
vulnerability VCID-puuh-m697-eqbf
8
vulnerability VCID-wkt1-qfpk-ybg4
9
vulnerability VCID-x3q1-vymh-jkew
10
vulnerability VCID-xzs8-rbhd-mkbp
11
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.5.4
1
url pkg:maven/org.apache.cxf/cxf@2.6.1
purl pkg:maven/org.apache.cxf/cxf@2.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-6dpm-n1kk-5fer
2
vulnerability VCID-d68d-u8dc-r3be
3
vulnerability VCID-darq-bg13-x3fd
4
vulnerability VCID-edja-kj1j-7kh5
5
vulnerability VCID-fekg-fn5e-augk
6
vulnerability VCID-n8bd-use6-pbb2
7
vulnerability VCID-puuh-m697-eqbf
8
vulnerability VCID-wkt1-qfpk-ybg4
9
vulnerability VCID-x3q1-vymh-jkew
10
vulnerability VCID-xzs8-rbhd-mkbp
11
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.6.1
aliases CVE-2012-2379, GHSA-2g99-c67p-56hm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b91g-m3nt-1bgq
3
url VCID-d68d-u8dc-r3be
vulnerability_id VCID-d68d-u8dc-r3be
summary 
Potential DOS attack due to unrestricted attachment count in messages
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count".
references
0
reference_url http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12406.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12406.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12406
reference_id
reference_type
scores
0
value 0.04134
scoring_system epss
scoring_elements 0.88658
published_at 2026-04-11T12:55:00Z
1
value 0.04134
scoring_system epss
scoring_elements 0.88646
published_at 2026-04-09T12:55:00Z
2
value 0.04134
scoring_system epss
scoring_elements 0.88642
published_at 2026-04-08T12:55:00Z
3
value 0.04134
scoring_system epss
scoring_elements 0.88623
published_at 2026-04-07T12:55:00Z
4
value 0.04134
scoring_system epss
scoring_elements 0.88622
published_at 2026-04-04T12:55:00Z
5
value 0.04134
scoring_system epss
scoring_elements 0.88651
published_at 2026-04-13T12:55:00Z
6
value 0.04134
scoring_system epss
scoring_elements 0.88605
published_at 2026-04-02T12:55:00Z
7
value 0.04134
scoring_system epss
scoring_elements 0.88595
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12406
3
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r92238967ba2783d3ab5a483f2e17f5fdaa8ace98990f69f9e8e15de0@%3Cissues.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r92238967ba2783d3ab5a483f2e17f5fdaa8ace98990f69f9e8e15de0@%3Cissues.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r92238967ba2783d3ab5a483f2e17f5fdaa8ace98990f69f9e8e15de0%40%3Cissues.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r92238967ba2783d3ab5a483f2e17f5fdaa8ace98990f69f9e8e15de0%40%3Cissues.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rabc395b38acb7f2465bfbf0bc16d6e1e95720c89bea87abe8808eeea@%3Cissues.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rabc395b38acb7f2465bfbf0bc16d6e1e95720c89bea87abe8808eeea@%3Cissues.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rabc395b38acb7f2465bfbf0bc16d6e1e95720c89bea87abe8808eeea%40%3Cissues.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rabc395b38acb7f2465bfbf0bc16d6e1e95720c89bea87abe8808eeea%40%3Cissues.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rb2a6dab1f781f55326543c56dc29ea677759439ddfeba920c83037e6@%3Cissues.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb2a6dab1f781f55326543c56dc29ea677759439ddfeba920c83037e6@%3Cissues.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rb2a6dab1f781f55326543c56dc29ea677759439ddfeba920c83037e6%40%3Cissues.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rb2a6dab1f781f55326543c56dc29ea677759439ddfeba920c83037e6%40%3Cissues.cxf.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rca465c9d1e1969281338522b76701c85a07abd045c494261137236e0@%3Cissues.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca465c9d1e1969281338522b76701c85a07abd045c494261137236e0@%3Cissues.cxf.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rca465c9d1e1969281338522b76701c85a07abd045c494261137236e0%40%3Cissues.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rca465c9d1e1969281338522b76701c85a07abd045c494261137236e0%40%3Cissues.cxf.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12406
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12406
24
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
25
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
26
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1816170
reference_id 1816170
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1816170
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
33
reference_url https://github.com/advisories/GHSA-58p8-9g59-q2hr
reference_id GHSA-58p8-9g59-q2hr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-58p8-9g59-q2hr
34
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
35
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
36
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
37
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.2.11
purl pkg:maven/org.apache.cxf/cxf@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-edja-kj1j-7kh5
2
vulnerability VCID-fekg-fn5e-augk
3
vulnerability VCID-wkt1-qfpk-ybg4
4
vulnerability VCID-x3q1-vymh-jkew
5
vulnerability VCID-xzs8-rbhd-mkbp
6
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.2.11
1
url pkg:maven/org.apache.cxf/cxf@3.3.4
purl pkg:maven/org.apache.cxf/cxf@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-edja-kj1j-7kh5
2
vulnerability VCID-fekg-fn5e-augk
3
vulnerability VCID-wkt1-qfpk-ybg4
4
vulnerability VCID-x3q1-vymh-jkew
5
vulnerability VCID-xzs8-rbhd-mkbp
6
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.3.4
aliases CVE-2019-12406, GHSA-58p8-9g59-q2hr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d68d-u8dc-r3be
4
url VCID-darq-bg13-x3fd
vulnerability_id VCID-darq-bg13-x3fd
summary 
Cross-site scripting in Apache CXF
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.
references
0
reference_url http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13954.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13954.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13954
reference_id
reference_type
scores
0
value 0.08411
scoring_system epss
scoring_elements 0.92326
published_at 2026-04-09T12:55:00Z
1
value 0.08411
scoring_system epss
scoring_elements 0.92321
published_at 2026-04-08T12:55:00Z
2
value 0.08411
scoring_system epss
scoring_elements 0.9231
published_at 2026-04-07T12:55:00Z
3
value 0.08411
scoring_system epss
scoring_elements 0.92307
published_at 2026-04-04T12:55:00Z
4
value 0.08411
scoring_system epss
scoring_elements 0.92294
published_at 2026-04-01T12:55:00Z
5
value 0.08411
scoring_system epss
scoring_elements 0.92301
published_at 2026-04-02T12:55:00Z
6
value 0.08411
scoring_system epss
scoring_elements 0.92331
published_at 2026-04-13T12:55:00Z
7
value 0.08411
scoring_system epss
scoring_elements 0.92333
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13954
3
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef@%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef@%3Cdev.syncope.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13954
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13954
12
reference_url https://security.netapp.com/advisory/ntap-20210513-0010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210513-0010
13
reference_url https://security.netapp.com/advisory/ntap-20210513-0010/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210513-0010/
14
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
15
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
16
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
17
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
18
reference_url http://www.openwall.com/lists/oss-security/2020/11/12/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/11/12/2
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1898235
reference_id 1898235
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1898235
20
reference_url https://github.com/advisories/GHSA-64x2-gq24-75pv
reference_id GHSA-64x2-gq24-75pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64x2-gq24-75pv
21
reference_url https://access.redhat.com/errata/RHSA-2021:3205
reference_id RHSA-2021:3205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3205
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.3.8
purl pkg:maven/org.apache.cxf/cxf@3.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x3q1-vymh-jkew
1
vulnerability VCID-xzs8-rbhd-mkbp
2
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.3.8
1
url pkg:maven/org.apache.cxf/cxf@3.4.1
purl pkg:maven/org.apache.cxf/cxf@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x3q1-vymh-jkew
1
vulnerability VCID-xzs8-rbhd-mkbp
2
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.4.1
aliases CVE-2020-13954, GHSA-64x2-gq24-75pv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-darq-bg13-x3fd
5
url VCID-edja-kj1j-7kh5
vulnerability_id VCID-edja-kj1j-7kh5
summary 
Private key leak in Apache CXF
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter `rs.security.keystore.type` to `jwk`. For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. `oct` keys, which contain secret keys, are not returned at all.
references
0
reference_url http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12423.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12423.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12423
reference_id
reference_type
scores
0
value 0.01164
scoring_system epss
scoring_elements 0.78645
published_at 2026-04-11T12:55:00Z
1
value 0.01164
scoring_system epss
scoring_elements 0.78621
published_at 2026-04-09T12:55:00Z
2
value 0.01164
scoring_system epss
scoring_elements 0.78614
published_at 2026-04-08T12:55:00Z
3
value 0.01164
scoring_system epss
scoring_elements 0.78569
published_at 2026-04-01T12:55:00Z
4
value 0.01164
scoring_system epss
scoring_elements 0.78576
published_at 2026-04-02T12:55:00Z
5
value 0.01164
scoring_system epss
scoring_elements 0.78589
published_at 2026-04-07T12:55:00Z
6
value 0.01164
scoring_system epss
scoring_elements 0.78607
published_at 2026-04-04T12:55:00Z
7
value 0.01164
scoring_system epss
scoring_elements 0.78619
published_at 2026-04-13T12:55:00Z
8
value 0.01164
scoring_system epss
scoring_elements 0.78627
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12423
3
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c@%3Cannounce.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12423
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12423
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797006
reference_id 1797006
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797006
14
reference_url https://github.com/advisories/GHSA-42f2-f9vc-6365
reference_id GHSA-42f2-f9vc-6365
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-42f2-f9vc-6365
15
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
16
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
17
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
18
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
19
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
20
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
21
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
22
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
23
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
24
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
25
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
26
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
27
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.2.12
purl pkg:maven/org.apache.cxf/cxf@3.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-fekg-fn5e-augk
2
vulnerability VCID-x3q1-vymh-jkew
3
vulnerability VCID-xzs8-rbhd-mkbp
4
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.2.12
1
url pkg:maven/org.apache.cxf/cxf@3.3.5
purl pkg:maven/org.apache.cxf/cxf@3.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-fekg-fn5e-augk
2
vulnerability VCID-x3q1-vymh-jkew
3
vulnerability VCID-xzs8-rbhd-mkbp
4
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.3.5
aliases CVE-2019-12423, GHSA-42f2-f9vc-6365
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edja-kj1j-7kh5
6
url VCID-fekg-fn5e-augk
vulnerability_id VCID-fekg-fn5e-augk
summary 
Exposure of Sensitive Information to an Unauthorized Actor in Apache CXF
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1954.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1954.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1954
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44238
published_at 2026-04-13T12:55:00Z
1
value 0.00216
scoring_system epss
scoring_elements 0.44174
published_at 2026-04-01T12:55:00Z
2
value 0.00216
scoring_system epss
scoring_elements 0.44239
published_at 2026-04-02T12:55:00Z
3
value 0.00216
scoring_system epss
scoring_elements 0.44262
published_at 2026-04-04T12:55:00Z
4
value 0.00216
scoring_system epss
scoring_elements 0.44195
published_at 2026-04-07T12:55:00Z
5
value 0.00216
scoring_system epss
scoring_elements 0.44247
published_at 2026-04-08T12:55:00Z
6
value 0.00216
scoring_system epss
scoring_elements 0.44252
published_at 2026-04-09T12:55:00Z
7
value 0.00216
scoring_system epss
scoring_elements 0.4427
published_at 2026-04-11T12:55:00Z
8
value 0.00216
scoring_system epss
scoring_elements 0.44237
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1954
2
reference_url https://github.com/apache/cxf/commit/1cf4fed546904a4a2560f53a2a2391d834b4026c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/1cf4fed546904a4a2560f53a2a2391d834b4026c
3
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
9
reference_url https://security.netapp.com/advisory/ntap-20220210-0001
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0001
10
reference_url https://security.netapp.com/advisory/ntap-20220210-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0001/
11
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1824301
reference_id 1824301
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1824301
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
reference_id cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1954
reference_id CVE-2020-1954
reference_type
scores
0
value 2.9
scoring_system cvssv2
scoring_elements AV:A/AC:M/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1954
24
reference_url http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2
reference_id CVE-2020-1954.TXT.ASC?VERSION=1&MODIFICATIONDATE=1585730169000&API=V2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2
25
reference_url https://github.com/advisories/GHSA-ffm7-7r8g-77xm
reference_id GHSA-ffm7-7r8g-77xm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffm7-7r8g-77xm
26
reference_url https://access.redhat.com/errata/RHSA-2020:3585
reference_id RHSA-2020:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3585
27
reference_url https://access.redhat.com/errata/RHSA-2020:4244
reference_id RHSA-2020:4244
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4244
28
reference_url https://access.redhat.com/errata/RHSA-2020:4245
reference_id RHSA-2020:4245
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4245
29
reference_url https://access.redhat.com/errata/RHSA-2020:4246
reference_id RHSA-2020:4246
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4246
30
reference_url https://access.redhat.com/errata/RHSA-2020:4247
reference_id RHSA-2020:4247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4247
31
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
32
reference_url https://access.redhat.com/errata/RHSA-2020:4960
reference_id RHSA-2020:4960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4960
33
reference_url https://access.redhat.com/errata/RHSA-2020:4961
reference_id RHSA-2020:4961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4961
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.3.6
purl pkg:maven/org.apache.cxf/cxf@3.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-x3q1-vymh-jkew
2
vulnerability VCID-xzs8-rbhd-mkbp
3
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.3.6
aliases CVE-2020-1954, GHSA-ffm7-7r8g-77xm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fekg-fn5e-augk
7
url VCID-n8bd-use6-pbb2
vulnerability_id VCID-n8bd-use6-pbb2
summary Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2012-1591.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1591.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2012-1592.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1592.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2012-1594.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1594.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0256.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0256.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0257.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0257.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0258.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0258.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2013-0259.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0259.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2013-0726.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0726.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2013-0743.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0743.html
9
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3451.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3451.json
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3451
reference_id
reference_type
scores
0
value 0.09969
scoring_system epss
scoring_elements 0.9304
published_at 2026-04-13T12:55:00Z
1
value 0.09969
scoring_system epss
scoring_elements 0.93012
published_at 2026-04-01T12:55:00Z
2
value 0.09969
scoring_system epss
scoring_elements 0.93021
published_at 2026-04-02T12:55:00Z
3
value 0.09969
scoring_system epss
scoring_elements 0.93025
published_at 2026-04-04T12:55:00Z
4
value 0.09969
scoring_system epss
scoring_elements 0.93024
published_at 2026-04-07T12:55:00Z
5
value 0.09969
scoring_system epss
scoring_elements 0.93032
published_at 2026-04-08T12:55:00Z
6
value 0.09969
scoring_system epss
scoring_elements 0.93037
published_at 2026-04-09T12:55:00Z
7
value 0.09969
scoring_system epss
scoring_elements 0.93041
published_at 2026-04-11T12:55:00Z
8
value 0.09969
scoring_system epss
scoring_elements 0.93039
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3451
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=851896
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=851896
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3451
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3451
13
reference_url http://secunia.com/advisories/51607
reference_id
reference_type
scores
url http://secunia.com/advisories/51607
14
reference_url http://secunia.com/advisories/52183
reference_id
reference_type
scores
url http://secunia.com/advisories/52183
15
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78734
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78734
16
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
17
reference_url https://github.com/apache/cxf/commit/7230648f96573820d5bfa82c92c637391b448897
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/7230648f96573820d5bfa82c92c637391b448897
18
reference_url https://github.com/apache/cxf/commit/878fe37f0b09888a42005fedc725ce497b5a694a
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/878fe37f0b09888a42005fedc725ce497b5a694a
19
reference_url https://github.com/apache/cxf/commit/9c70abe28fbf2b4c4df0b93ed12295ea5a012554
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/9c70abe28fbf2b4c4df0b93ed12295ea5a012554
20
reference_url https://github.com/apache/cxf/commit/deeeaa95a861b355068ca6febc7aa02a4a8c51e5
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/deeeaa95a861b355068ca6febc7aa02a4a8c51e5
21
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
33
reference_url http://svn.apache.org/viewvc?view=revision&revision=1368559
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1368559
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3451
reference_id CVE-2012-3451
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3451
36
reference_url http://cxf.apache.org/cve-2012-3451.html
reference_id CVE-2012-3451.HTML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/cve-2012-3451.html
37
reference_url https://github.com/advisories/GHSA-55j7-f5wf-43m4
reference_id GHSA-55j7-f5wf-43m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-55j7-f5wf-43m4
38
reference_url https://access.redhat.com/errata/RHSA-2012:1591
reference_id RHSA-2012:1591
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1591
39
reference_url https://access.redhat.com/errata/RHSA-2012:1592
reference_id RHSA-2012:1592
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1592
40
reference_url https://access.redhat.com/errata/RHSA-2012:1594
reference_id RHSA-2012:1594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1594
41
reference_url https://access.redhat.com/errata/RHSA-2013:0256
reference_id RHSA-2013:0256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0256
42
reference_url https://access.redhat.com/errata/RHSA-2013:0257
reference_id RHSA-2013:0257
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0257
43
reference_url https://access.redhat.com/errata/RHSA-2013:0258
reference_id RHSA-2013:0258
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0258
44
reference_url https://access.redhat.com/errata/RHSA-2013:0259
reference_id RHSA-2013:0259
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0259
45
reference_url https://access.redhat.com/errata/RHSA-2013:0726
reference_id RHSA-2013:0726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0726
46
reference_url https://access.redhat.com/errata/RHSA-2013:0743
reference_id RHSA-2013:0743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0743
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@2.5.5
purl pkg:maven/org.apache.cxf/cxf@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-6dpm-n1kk-5fer
2
vulnerability VCID-d68d-u8dc-r3be
3
vulnerability VCID-darq-bg13-x3fd
4
vulnerability VCID-edja-kj1j-7kh5
5
vulnerability VCID-fekg-fn5e-augk
6
vulnerability VCID-puuh-m697-eqbf
7
vulnerability VCID-wkt1-qfpk-ybg4
8
vulnerability VCID-x3q1-vymh-jkew
9
vulnerability VCID-xzs8-rbhd-mkbp
10
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.5.5
1
url pkg:maven/org.apache.cxf/cxf@2.6.2
purl pkg:maven/org.apache.cxf/cxf@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-6dpm-n1kk-5fer
2
vulnerability VCID-d68d-u8dc-r3be
3
vulnerability VCID-darq-bg13-x3fd
4
vulnerability VCID-edja-kj1j-7kh5
5
vulnerability VCID-fekg-fn5e-augk
6
vulnerability VCID-puuh-m697-eqbf
7
vulnerability VCID-wkt1-qfpk-ybg4
8
vulnerability VCID-x3q1-vymh-jkew
9
vulnerability VCID-xzs8-rbhd-mkbp
10
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.6.2
aliases CVE-2012-3451, GHSA-55j7-f5wf-43m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8bd-use6-pbb2
8
url VCID-puuh-m697-eqbf
vulnerability_id VCID-puuh-m697-eqbf
summary 
Potential session hijack in Apache CXF
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client.
references
0
reference_url http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12419.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12419.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12419
reference_id
reference_type
scores
0
value 0.11038
scoring_system epss
scoring_elements 0.93429
published_at 2026-04-09T12:55:00Z
1
value 0.11038
scoring_system epss
scoring_elements 0.93426
published_at 2026-04-08T12:55:00Z
2
value 0.11038
scoring_system epss
scoring_elements 0.93418
published_at 2026-04-07T12:55:00Z
3
value 0.11038
scoring_system epss
scoring_elements 0.9341
published_at 2026-04-02T12:55:00Z
4
value 0.11038
scoring_system epss
scoring_elements 0.93402
published_at 2026-04-01T12:55:00Z
5
value 0.11038
scoring_system epss
scoring_elements 0.93435
published_at 2026-04-12T12:55:00Z
6
value 0.11038
scoring_system epss
scoring_elements 0.93436
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12419
3
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r861eb1a9e0250e9150215b17f0263edf62becd5e20fc96251cff59f6@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r861eb1a9e0250e9150215b17f0263edf62becd5e20fc96251cff59f6@%3Cdev.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r861eb1a9e0250e9150215b17f0263edf62becd5e20fc96251cff59f6%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r861eb1a9e0250e9150215b17f0263edf62becd5e20fc96251cff59f6%40%3Cdev.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/re7593a274ee0a85d304d5d42c66fc0081c94d7f22bc96a1084d43b80@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re7593a274ee0a85d304d5d42c66fc0081c94d7f22bc96a1084d43b80@%3Cdev.cxf.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/re7593a274ee0a85d304d5d42c66fc0081c94d7f22bc96a1084d43b80%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/re7593a274ee0a85d304d5d42c66fc0081c94d7f22bc96a1084d43b80%40%3Cdev.cxf.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/ree5fc719e330f82ae38a2b0050c91f18ed5b878312dc0b9e0b9815be@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ree5fc719e330f82ae38a2b0050c91f18ed5b878312dc0b9e0b9815be@%3Cdev.cxf.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/ree5fc719e330f82ae38a2b0050c91f18ed5b878312dc0b9e0b9815be%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ree5fc719e330f82ae38a2b0050c91f18ed5b878312dc0b9e0b9815be%40%3Cdev.cxf.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12419
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12419
22
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
23
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
24
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
25
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1816175
reference_id 1816175
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1816175
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
33
reference_url https://github.com/advisories/GHSA-cw6w-q88j-6mqf
reference_id GHSA-cw6w-q88j-6mqf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cw6w-q88j-6mqf
34
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
35
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
36
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.2.11
purl pkg:maven/org.apache.cxf/cxf@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-edja-kj1j-7kh5
2
vulnerability VCID-fekg-fn5e-augk
3
vulnerability VCID-wkt1-qfpk-ybg4
4
vulnerability VCID-x3q1-vymh-jkew
5
vulnerability VCID-xzs8-rbhd-mkbp
6
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.2.11
1
url pkg:maven/org.apache.cxf/cxf@3.3.4
purl pkg:maven/org.apache.cxf/cxf@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-edja-kj1j-7kh5
2
vulnerability VCID-fekg-fn5e-augk
3
vulnerability VCID-wkt1-qfpk-ybg4
4
vulnerability VCID-x3q1-vymh-jkew
5
vulnerability VCID-xzs8-rbhd-mkbp
6
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.3.4
aliases CVE-2019-12419, GHSA-cw6w-q88j-6mqf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-puuh-m697-eqbf
9
url VCID-wkt1-qfpk-ybg4
vulnerability_id VCID-wkt1-qfpk-ybg4
summary 
Reflected Cross-Site Scripting in Apache CXF
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.
references
0
reference_url http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17573.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17573.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17573
reference_id
reference_type
scores
0
value 0.16126
scoring_system epss
scoring_elements 0.94792
published_at 2026-04-11T12:55:00Z
1
value 0.16126
scoring_system epss
scoring_elements 0.94788
published_at 2026-04-09T12:55:00Z
2
value 0.16126
scoring_system epss
scoring_elements 0.94784
published_at 2026-04-08T12:55:00Z
3
value 0.16126
scoring_system epss
scoring_elements 0.94796
published_at 2026-04-12T12:55:00Z
4
value 0.16126
scoring_system epss
scoring_elements 0.94774
published_at 2026-04-07T12:55:00Z
5
value 0.16126
scoring_system epss
scoring_elements 0.94773
published_at 2026-04-04T12:55:00Z
6
value 0.16126
scoring_system epss
scoring_elements 0.9477
published_at 2026-04-02T12:55:00Z
7
value 0.16126
scoring_system epss
scoring_elements 0.9476
published_at 2026-04-01T12:55:00Z
8
value 0.16126
scoring_system epss
scoring_elements 0.94797
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17573
3
reference_url https://github.com/apache/cxf/commit/a02e96ba1095596bef481919f16a90c5e80a92c8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/a02e96ba1095596bef481919f16a90c5e80a92c8
4
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rf3b50583fefce2810cbd37c3d358cbcd9a03e750005950bf54546194@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf3b50583fefce2810cbd37c3d358cbcd9a03e750005950bf54546194@%3Cannounce.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-17573
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-17573
15
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
16
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
17
reference_url http://www.openwall.com/lists/oss-security/2020/11/12/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/11/12/2
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797011
reference_id 1797011
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797011
19
reference_url https://github.com/advisories/GHSA-f93p-f762-vr53
reference_id GHSA-f93p-f762-vr53
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f93p-f762-vr53
20
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
21
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
22
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
23
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
24
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
25
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
26
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
27
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
28
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
29
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
30
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
31
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
32
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
33
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.2.12
purl pkg:maven/org.apache.cxf/cxf@3.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-fekg-fn5e-augk
2
vulnerability VCID-x3q1-vymh-jkew
3
vulnerability VCID-xzs8-rbhd-mkbp
4
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.2.12
1
url pkg:maven/org.apache.cxf/cxf@3.3.5
purl pkg:maven/org.apache.cxf/cxf@3.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-darq-bg13-x3fd
1
vulnerability VCID-fekg-fn5e-augk
2
vulnerability VCID-x3q1-vymh-jkew
3
vulnerability VCID-xzs8-rbhd-mkbp
4
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.3.5
aliases CVE-2019-17573, GHSA-f93p-f762-vr53
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wkt1-qfpk-ybg4
10
url VCID-x3q1-vymh-jkew
vulnerability_id VCID-x3q1-vymh-jkew
summary 
Authorization service vulnerable to DDos attacks in Apache CFX
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22696
reference_id
reference_type
scores
0
value 0.01971
scoring_system epss
scoring_elements 0.83539
published_at 2026-04-13T12:55:00Z
1
value 0.01971
scoring_system epss
scoring_elements 0.83543
published_at 2026-04-12T12:55:00Z
2
value 0.01971
scoring_system epss
scoring_elements 0.83549
published_at 2026-04-11T12:55:00Z
3
value 0.01971
scoring_system epss
scoring_elements 0.83534
published_at 2026-04-09T12:55:00Z
4
value 0.01971
scoring_system epss
scoring_elements 0.83524
published_at 2026-04-08T12:55:00Z
5
value 0.01971
scoring_system epss
scoring_elements 0.835
published_at 2026-04-07T12:55:00Z
6
value 0.01971
scoring_system epss
scoring_elements 0.83501
published_at 2026-04-04T12:55:00Z
7
value 0.01971
scoring_system epss
scoring_elements 0.83474
published_at 2026-04-01T12:55:00Z
8
value 0.01971
scoring_system epss
scoring_elements 0.83486
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22696
2
reference_url https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
3
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
4
reference_url https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286
5
reference_url https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04
6
reference_url https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22696
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22696
12
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
13
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
14
reference_url http://www.openwall.com/lists/oss-security/2021/04/02/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/04/02/2
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1946341
reference_id 1946341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1946341
16
reference_url https://github.com/advisories/GHSA-7q4h-pj78-j7vg
reference_id GHSA-7q4h-pj78-j7vg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7q4h-pj78-j7vg
17
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
18
reference_url https://access.redhat.com/errata/RHSA-2022:7273
reference_id RHSA-2022:7273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7273
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.3.10
purl pkg:maven/org.apache.cxf/cxf@3.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xzs8-rbhd-mkbp
1
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.3.10
1
url pkg:maven/org.apache.cxf/cxf@3.4.3
purl pkg:maven/org.apache.cxf/cxf@3.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xzs8-rbhd-mkbp
1
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.4.3
aliases CVE-2021-22696, GHSA-7q4h-pj78-j7vg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3q1-vymh-jkew
11
url VCID-xzs8-rbhd-mkbp
vulnerability_id VCID-xzs8-rbhd-mkbp
summary 
Apache CXF vulnerable to Exposure of Sensitive Information
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-46363
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25411
published_at 2026-04-02T12:55:00Z
1
value 0.00139
scoring_system epss
scoring_elements 0.34008
published_at 2026-04-13T12:55:00Z
2
value 0.00139
scoring_system epss
scoring_elements 0.34142
published_at 2026-04-04T12:55:00Z
3
value 0.00139
scoring_system epss
scoring_elements 0.34002
published_at 2026-04-07T12:55:00Z
4
value 0.00139
scoring_system epss
scoring_elements 0.34045
published_at 2026-04-08T12:55:00Z
5
value 0.00139
scoring_system epss
scoring_elements 0.34076
published_at 2026-04-09T12:55:00Z
6
value 0.00139
scoring_system epss
scoring_elements 0.34074
published_at 2026-04-11T12:55:00Z
7
value 0.00139
scoring_system epss
scoring_elements 0.34031
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-46363
2
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
3
reference_url https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T02:50:18Z/
url https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-46363
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-46363
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2155681
reference_id 2155681
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2155681
6
reference_url https://github.com/advisories/GHSA-3w37-5p3p-jv92
reference_id GHSA-3w37-5p3p-jv92
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3w37-5p3p-jv92
7
reference_url https://access.redhat.com/errata/RHSA-2023:0483
reference_id RHSA-2023:0483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0483
8
reference_url https://access.redhat.com/errata/RHSA-2023:0544
reference_id RHSA-2023:0544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0544
9
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
10
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
11
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
12
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.4.10
purl pkg:maven/org.apache.cxf/cxf@3.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.4.10
1
url pkg:maven/org.apache.cxf/cxf@3.5.5
purl pkg:maven/org.apache.cxf/cxf@3.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.5.5
aliases CVE-2022-46363, GHSA-3w37-5p3p-jv92
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzs8-rbhd-mkbp
12
url VCID-y8up-mkx2-abcn
vulnerability_id VCID-y8up-mkx2-abcn
summary 
Apache CXF Server-Side Request Forgery vulnerability
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-46364
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.3082
published_at 2026-04-09T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30863
published_at 2026-04-02T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30909
published_at 2026-04-04T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30729
published_at 2026-04-07T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30788
published_at 2026-04-08T12:55:00Z
5
value 0.00135
scoring_system epss
scoring_elements 0.33241
published_at 2026-04-11T12:55:00Z
6
value 0.00135
scoring_system epss
scoring_elements 0.33177
published_at 2026-04-13T12:55:00Z
7
value 0.00135
scoring_system epss
scoring_elements 0.33201
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-46364
2
reference_url https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-22T02:48:12Z/
url https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-46364
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-46364
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2155682
reference_id 2155682
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2155682
5
reference_url https://github.com/advisories/GHSA-x3x3-qwjq-8gj4
reference_id GHSA-x3x3-qwjq-8gj4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x3x3-qwjq-8gj4
6
reference_url https://access.redhat.com/errata/RHSA-2023:0163
reference_id RHSA-2023:0163
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0163
7
reference_url https://access.redhat.com/errata/RHSA-2023:0164
reference_id RHSA-2023:0164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0164
8
reference_url https://access.redhat.com/errata/RHSA-2023:0483
reference_id RHSA-2023:0483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0483
9
reference_url https://access.redhat.com/errata/RHSA-2023:0544
reference_id RHSA-2023:0544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0544
10
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
11
reference_url https://access.redhat.com/errata/RHSA-2023:1285
reference_id RHSA-2023:1285
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1285
12
reference_url https://access.redhat.com/errata/RHSA-2023:1286
reference_id RHSA-2023:1286
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1286
13
reference_url https://access.redhat.com/errata/RHSA-2023:2041
reference_id RHSA-2023:2041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2041
14
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@3.4.10
purl pkg:maven/org.apache.cxf/cxf@3.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.4.10
1
url pkg:maven/org.apache.cxf/cxf@3.5.5
purl pkg:maven/org.apache.cxf/cxf@3.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@3.5.5
aliases CVE-2022-46364, GHSA-x3x3-qwjq-8gj4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8up-mkx2-abcn
Fixing_vulnerabilities
0
url VCID-z5eh-y2gp-vub8
vulnerability_id VCID-z5eh-y2gp-vub8
summary 
Improper Authentication in Apache CXF
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2012-1591.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1591.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2012-1592.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1592.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2012-1594.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1594.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2378.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2378.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2378
reference_id
reference_type
scores
0
value 0.04238
scoring_system epss
scoring_elements 0.88786
published_at 2026-04-13T12:55:00Z
1
value 0.04238
scoring_system epss
scoring_elements 0.88729
published_at 2026-04-01T12:55:00Z
2
value 0.04238
scoring_system epss
scoring_elements 0.88739
published_at 2026-04-02T12:55:00Z
3
value 0.04238
scoring_system epss
scoring_elements 0.88755
published_at 2026-04-04T12:55:00Z
4
value 0.04238
scoring_system epss
scoring_elements 0.88758
published_at 2026-04-07T12:55:00Z
5
value 0.04238
scoring_system epss
scoring_elements 0.88774
published_at 2026-04-08T12:55:00Z
6
value 0.04238
scoring_system epss
scoring_elements 0.88779
published_at 2026-04-09T12:55:00Z
7
value 0.04238
scoring_system epss
scoring_elements 0.88791
published_at 2026-04-11T12:55:00Z
8
value 0.04238
scoring_system epss
scoring_elements 0.88785
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2378
5
reference_url http://secunia.com/advisories/51607
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/51607
6
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
7
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
19
reference_url http://svn.apache.org/viewvc?view=revision&revision=1337150
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=1337150
20
reference_url http://www.securityfocus.com/bid/53880
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/53880
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=826533
reference_id 826533
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=826533
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2378
reference_id CVE-2012-2378
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2378
30
reference_url http://cxf.apache.org/cve-2012-2378.html
reference_id CVE-2012-2378.HTML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/cve-2012-2378.html
31
reference_url https://github.com/advisories/GHSA-vjpc-vf4f-82qg
reference_id GHSA-vjpc-vf4f-82qg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vjpc-vf4f-82qg
32
reference_url https://access.redhat.com/errata/RHSA-2012:1591
reference_id RHSA-2012:1591
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1591
33
reference_url https://access.redhat.com/errata/RHSA-2012:1592
reference_id RHSA-2012:1592
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1592
34
reference_url https://access.redhat.com/errata/RHSA-2012:1594
reference_id RHSA-2012:1594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1594
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf@2.4.8
purl pkg:maven/org.apache.cxf/cxf@2.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-6dpm-n1kk-5fer
2
vulnerability VCID-d68d-u8dc-r3be
3
vulnerability VCID-darq-bg13-x3fd
4
vulnerability VCID-edja-kj1j-7kh5
5
vulnerability VCID-fekg-fn5e-augk
6
vulnerability VCID-n8bd-use6-pbb2
7
vulnerability VCID-puuh-m697-eqbf
8
vulnerability VCID-wkt1-qfpk-ybg4
9
vulnerability VCID-x3q1-vymh-jkew
10
vulnerability VCID-xzs8-rbhd-mkbp
11
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.4.8
1
url pkg:maven/org.apache.cxf/cxf@2.5.3
purl pkg:maven/org.apache.cxf/cxf@2.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-6dpm-n1kk-5fer
2
vulnerability VCID-b91g-m3nt-1bgq
3
vulnerability VCID-d68d-u8dc-r3be
4
vulnerability VCID-darq-bg13-x3fd
5
vulnerability VCID-edja-kj1j-7kh5
6
vulnerability VCID-fekg-fn5e-augk
7
vulnerability VCID-n8bd-use6-pbb2
8
vulnerability VCID-puuh-m697-eqbf
9
vulnerability VCID-wkt1-qfpk-ybg4
10
vulnerability VCID-x3q1-vymh-jkew
11
vulnerability VCID-xzs8-rbhd-mkbp
12
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.5.3
2
url pkg:maven/org.apache.cxf/cxf@2.6.1
purl pkg:maven/org.apache.cxf/cxf@2.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-669s-jgrm-efgg
1
vulnerability VCID-6dpm-n1kk-5fer
2
vulnerability VCID-d68d-u8dc-r3be
3
vulnerability VCID-darq-bg13-x3fd
4
vulnerability VCID-edja-kj1j-7kh5
5
vulnerability VCID-fekg-fn5e-augk
6
vulnerability VCID-n8bd-use6-pbb2
7
vulnerability VCID-puuh-m697-eqbf
8
vulnerability VCID-wkt1-qfpk-ybg4
9
vulnerability VCID-x3q1-vymh-jkew
10
vulnerability VCID-xzs8-rbhd-mkbp
11
vulnerability VCID-y8up-mkx2-abcn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.6.1
aliases CVE-2012-2378, GHSA-vjpc-vf4f-82qg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5eh-y2gp-vub8
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf@2.5.3