VulnerableCode Package Details - pkg:maven/org.apache.cxf/cxf-rt-ws-security@2.5.9

Search for packages

Vulnerability	Summary	Fixed by
VCID-7uaz-br64-aaar Aliases: CVE-2014-0034 GHSA-38x2-fp9m-87mx	CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid	2.6.12 Affected by 0 other vulnerabilities. 2.7.9 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7uaz-br64-aaar
Aliases:
CVE-2014-0034
GHSA-38x2-fp9m-87mx

CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid

2.6.12
Affected by 0 other vulnerabilities.

2.7.9
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-m6hu-ghyn-aaan	UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate When the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.	CVE-2013-0239 GHSA-p5c5-6564-vvr8

Vulnerability

Summary

Aliases

VCID-m6hu-ghyn-aaan

UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate When the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.

CVE-2013-0239
GHSA-p5c5-6564-vvr8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T15:41:19.274572+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	36.1.3
2025-06-20T15:40:07.225792+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	36.1.3
2025-06-20T13:45:42.959335+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	36.1.3
2025-06-20T13:45:42.872528+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	36.1.3
2025-06-03T22:21:35.647355+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	36.1.0
2025-06-03T22:20:23.414425+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	36.1.0
2025-06-03T20:36:36.465536+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	36.1.0
2025-06-03T20:36:36.385943+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	36.1.0
2025-06-02T22:10:29.422361+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	36.1.2
2025-06-02T22:09:11.518750+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	36.1.2
2025-06-02T20:15:48.943701+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	36.1.2
2025-06-02T20:15:48.857881+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	36.1.2
2025-04-03T19:39:11.310519+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	36.0.0
2025-04-03T19:37:03.191037+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	36.0.0
2025-04-03T16:23:16.088611+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	36.0.0
2025-04-03T16:23:15.828628+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	36.0.0
2025-02-18T04:38:08.727144+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	35.1.0
2025-02-18T04:38:08.152282+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	35.1.0
2025-02-17T22:16:56.413352+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	35.1.0
2025-02-17T22:16:56.182125+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	35.1.0
2024-11-21T01:33:12.012669+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	35.0.0
2024-11-20T21:52:48.585251+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	35.0.0
2024-11-19T01:12:18.129259+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.3.2
2024-11-18T21:50:09.652665+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.3.2
2024-10-08T01:48:12.783546+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.2
2024-10-07T22:49:30.484587+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.2
2024-10-07T16:46:24.808172+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	https://github.com/advisories/GHSA-38x2-fp9m-87mx	34.0.2
2024-09-23T01:49:53.194514+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.1
2024-09-22T17:10:20.090152+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	https://github.com/advisories/GHSA-38x2-fp9m-87mx	34.0.1
2024-09-17T22:37:35.254867+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.1
2024-04-24T04:10:36.680838+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc4
2024-04-24T04:10:36.069078+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.0rc4
2024-04-24T00:55:21.891494+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.0rc4
2024-04-24T00:55:21.632739+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	34.0.0rc4
2024-04-23T17:59:51.294702+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	https://github.com/advisories/GHSA-38x2-fp9m-87mx	34.0.0rc4
2024-04-23T17:59:50.383464+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc4
2024-01-10T06:46:38.904764+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc2
2024-01-10T06:46:38.307397+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.0rc2
2024-01-10T03:18:59.695574+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.0rc2
2024-01-10T03:18:59.435481+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	34.0.0rc2
2024-01-09T19:56:13.982275+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	https://github.com/advisories/GHSA-38x2-fp9m-87mx	34.0.0rc2
2024-01-09T19:56:13.106803+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc2
2024-01-03T23:32:59.448946+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc1
2024-01-03T23:32:58.840065+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.0rc1
2024-01-03T19:56:38.055829+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	34.0.0rc1
2024-01-03T18:00:29.347126+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.0rc1
2024-01-03T15:25:03.841990+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc1

2025-06-20T15:41:19.274572+00:00

GitLab Importer

Affected by

Next non-vulnerable version	2.6.12
Latest non-vulnerable version	3.1.11
Risk	4.5