{"url":"http://public2.vulnerablecode.io/api/packages/62003?format=json","purl":"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3","type":"maven","namespace":"org.apache.cxf","name":"cxf-rt-frontend-jaxrs","version":"2.7.3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.7.4","latest_non_vulnerable_version":"3.2.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37506?format=json","vulnerability_id":"VCID-cppb-xhj5-a7ep","summary":"UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate\nWhen the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.","references":[{"reference_url":"http://osvdb.org/90078","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/90078"},{"reference_url":"http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0749.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0749.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239"},{"reference_url":"http://seclists.org/fulldisclosure/2013/Feb/39","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2013/Feb/39"},{"reference_url":"http://secunia.com/advisories/51988","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51988"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81981","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81981"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1438424","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1438424"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0239","reference_id":"CVE-2013-0239","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0239"},{"reference_url":"http://cxf.apache.org/cve-2013-0239.html","reference_id":"CVE-2013-0239.HTML","reference_type":"","scores":[],"url":"http://cxf.apache.org/cve-2013-0239.html"},{"reference_url":"https://github.com/advisories/GHSA-p5c5-6564-vvr8","reference_id":"GHSA-p5c5-6564-vvr8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p5c5-6564-vvr8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62001?format=json","purl":"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/62002?format=json","purl":"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.6"},{"url":"http://public2.vulnerablecode.io/api/packages/62003?format=json","purl":"pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3"}],"aliases":["CVE-2013-0239","GHSA-p5c5-6564-vvr8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cppb-xhj5-a7ep"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3"}