Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.cxf/apache-cxf@3.2.5
Typemaven
Namespaceorg.apache.cxf
Nameapache-cxf
Version3.2.5
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.3.11
Latest_non_vulnerable_version3.3.11
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-bfaf-hqw5-13fd
vulnerability_id VCID-bfaf-hqw5-13fd
summary 
Improper Handling of Exceptional Conditions
It is possible to configure Apache CXF to use the `com.sun.net.ssl` implementation via `System.setProperty`. When this system property is set, CXF uses some reflection to try to make the `HostnameVerifier` work with the old `com.sun.net.ssl.HostnameVerifier` interface. However, the default `HostnameVerifier` implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the `com.sun.net.ssl` stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2276
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2276
1
reference_url https://access.redhat.com/errata/RHSA-2018:2277
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2277
2
reference_url https://access.redhat.com/errata/RHSA-2018:2279
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2279
3
reference_url https://access.redhat.com/errata/RHSA-2018:2423
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2423
4
reference_url https://access.redhat.com/errata/RHSA-2018:2424
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2424
5
reference_url https://access.redhat.com/errata/RHSA-2018:2425
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2425
6
reference_url https://access.redhat.com/errata/RHSA-2018:2428
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2428
7
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2643
8
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3768
9
reference_url https://access.redhat.com/errata/RHSA-2018:3817
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3817
10
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
url https://github.com/apache/cxf
11
reference_url https://github.com/apache/cxf/commit/8ed6208f987ff72e4c4d2cf8a6b1ec9b27575d4
reference_id
reference_type
scores
url https://github.com/apache/cxf/commit/8ed6208f987ff72e4c4d2cf8a6b1ec9b27575d4
12
reference_url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b
reference_id
reference_type
scores
url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b
13
reference_url https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
20
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2020.html
21
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2020.html
22
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
23
reference_url http://www.securitytracker.com/id/1041199
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041199
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8039
reference_id CVE-2018-8039
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-8039
25
reference_url https://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc
reference_id CVE-2018-8039.TXT.ASC
reference_type
scores
url https://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc
26
reference_url https://github.com/advisories/GHSA-jc7r-v6fg-2gpf
reference_id GHSA-jc7r-v6fg-2gpf
reference_type
scores
url https://github.com/advisories/GHSA-jc7r-v6fg-2gpf
fixed_packages
0
url pkg:maven/org.apache.cxf/apache-cxf@3.1.16
purl pkg:maven/org.apache.cxf/apache-cxf@3.1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@3.1.16
1
url pkg:maven/org.apache.cxf/apache-cxf@3.2.5
purl pkg:maven/org.apache.cxf/apache-cxf@3.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@3.2.5
aliases CVE-2018-8039, GHSA-jc7r-v6fg-2gpf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfaf-hqw5-13fd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/apache-cxf@3.2.5