Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.16
Typemaven
Namespaceorg.apache.cxf
Namecxf-rt-transports-http
Version3.1.16
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3.10
Latest_non_vulnerable_version4.0.5
Affected_by_vulnerabilities
0
url VCID-pwqw-b31z-w7g2
vulnerability_id VCID-pwqw-b31z-w7g2
summary 
Cross-site Scripting
By default, Apache CXF creates a `/services` page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the `styleSheetPath`, which allows a malicious actor to inject javascript into the web page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13954.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13954.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13954
reference_id
reference_type
scores
0
value 0.14577
scoring_system epss
scoring_elements 0.94592
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13954
2
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef@%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef@%3Cdev.syncope.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
10
reference_url https://security.netapp.com/advisory/ntap-20210513-0010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210513-0010
11
reference_url https://security.netapp.com/advisory/ntap-20210513-0010/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210513-0010/
12
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
13
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
14
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url http://www.openwall.com/lists/oss-security/2020/11/12/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/11/12/2
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1898235
reference_id 1898235
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1898235
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13954
reference_id CVE-2020-13954
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13954
19
reference_url http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2
reference_id CVE-2020-13954.TXT.ASC?VERSION=1&MODIFICATIONDATE=1605183670659&API=V2
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2
20
reference_url https://github.com/advisories/GHSA-64x2-gq24-75pv
reference_id GHSA-64x2-gq24-75pv
reference_type
scores
url https://github.com/advisories/GHSA-64x2-gq24-75pv
21
reference_url https://access.redhat.com/errata/RHSA-2021:3140
reference_id RHSA-2021:3140
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3140
22
reference_url https://access.redhat.com/errata/RHSA-2021:3205
reference_id RHSA-2021:3205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3205
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.3.8
purl pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zvwu-atmk-abe6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.3.8
1
url pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.4.1
purl pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zvwu-atmk-abe6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.4.1
aliases CVE-2020-13954, GHSA-64x2-gq24-75pv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwqw-b31z-w7g2
1
url VCID-zvwu-atmk-abe6
vulnerability_id VCID-zvwu-atmk-abe6
summary 
Uncontrolled Resource Consumption
CXF supports (via `JwtRequestCodeFilter`) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a `request` parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the `request_uri` parameter. CXF was not validating the `request_uri` parameter (apart from ensuring it uses https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section of the spec.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22696
reference_id
reference_type
scores
0
value 0.01971
scoring_system epss
scoring_elements 0.83864
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22696
2
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
3
reference_url https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286
4
reference_url https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04
5
reference_url https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url http://www.openwall.com/lists/oss-security/2021/04/02/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/04/02/2
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1946341
reference_id 1946341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1946341
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22696
reference_id CVE-2021-22696
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22696
15
reference_url https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
reference_id CVE-2021-22696.TXT.ASC
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
16
reference_url https://github.com/advisories/GHSA-7q4h-pj78-j7vg
reference_id GHSA-7q4h-pj78-j7vg
reference_type
scores
url https://github.com/advisories/GHSA-7q4h-pj78-j7vg
17
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
18
reference_url https://access.redhat.com/errata/RHSA-2022:7273
reference_id RHSA-2022:7273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7273
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.3.10
purl pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.3.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.3.10
1
url pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.4.3
purl pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.4.3
aliases CVE-2021-22696, GHSA-7q4h-pj78-j7vg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvwu-atmk-abe6
Fixing_vulnerabilities
0
url VCID-bfaf-hqw5-13fd
vulnerability_id VCID-bfaf-hqw5-13fd
summary 
Improper Handling of Exceptional Conditions
It is possible to configure Apache CXF to use the `com.sun.net.ssl` implementation via `System.setProperty`. When this system property is set, CXF uses some reflection to try to make the `HostnameVerifier` work with the old `com.sun.net.ssl.HostnameVerifier` interface. However, the default `HostnameVerifier` implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the `com.sun.net.ssl` stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2276
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2276
1
reference_url https://access.redhat.com/errata/RHSA-2018:2277
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2277
2
reference_url https://access.redhat.com/errata/RHSA-2018:2279
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2279
3
reference_url https://access.redhat.com/errata/RHSA-2018:2423
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2423
4
reference_url https://access.redhat.com/errata/RHSA-2018:2424
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2424
5
reference_url https://access.redhat.com/errata/RHSA-2018:2425
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2425
6
reference_url https://access.redhat.com/errata/RHSA-2018:2428
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2428
7
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
8
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
9
reference_url https://access.redhat.com/errata/RHSA-2018:3817
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3817
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8039.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8039.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8039
reference_id
reference_type
scores
0
value 0.02899
scoring_system epss
scoring_elements 0.86615
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8039
12
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
13
reference_url https://github.com/apache/cxf/commit/8ed6208f987ff72e4c4d2cf8a6b1ec9b27575d4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/8ed6208f987ff72e4c4d2cf8a6b1ec9b27575d4
14
reference_url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741
reference_id
reference_type
scores
url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741
15
reference_url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b
16
reference_url https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
23
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
24
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
25
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
26
reference_url http://www.securityfocus.com/bid/106357
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106357
27
reference_url http://www.securitytracker.com/id/1041199
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041199
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1595332
reference_id 1595332
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1595332
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8039
reference_id CVE-2018-8039
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8039
30
reference_url https://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc
reference_id CVE-2018-8039.TXT.ASC
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc
31
reference_url https://github.com/advisories/GHSA-jc7r-v6fg-2gpf
reference_id GHSA-jc7r-v6fg-2gpf
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jc7r-v6fg-2gpf
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.16
purl pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwqw-b31z-w7g2
1
vulnerability VCID-zvwu-atmk-abe6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.16
1
url pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.2.5
purl pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pwqw-b31z-w7g2
1
vulnerability VCID-zvwu-atmk-abe6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.2.5
aliases CVE-2018-8039, GHSA-jc7r-v6fg-2gpf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfaf-hqw5-13fd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.1.16