VulnerableCode Package Details - pkg:maven/org.apache.cxf/cxf-rt-ws-security@2.6.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-7uaz-br64-aaar Aliases: CVE-2014-0034 GHSA-38x2-fp9m-87mx	CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid	2.6.12 Affected by 0 other vulnerabilities. 2.7.9 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7uaz-br64-aaar
Aliases:
CVE-2014-0034
GHSA-38x2-fp9m-87mx

CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid

2.6.12
Affected by 0 other vulnerabilities.

2.7.9
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-m6hu-ghyn-aaan	UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate When the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.	CVE-2013-0239 GHSA-p5c5-6564-vvr8

Vulnerability

Summary

Aliases

VCID-m6hu-ghyn-aaan

UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate When the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.

CVE-2013-0239
GHSA-p5c5-6564-vvr8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T15:41:19.291144+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	36.1.3
2025-06-20T15:40:07.242536+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	36.1.3
2025-06-20T13:45:42.971538+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	36.1.3
2025-06-20T13:45:42.889102+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	36.1.3
2025-06-03T22:21:35.660957+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	36.1.0
2025-06-03T22:20:23.428806+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	36.1.0
2025-06-03T20:36:36.477198+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	36.1.0
2025-06-03T20:36:36.399566+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	36.1.0
2025-06-02T22:10:29.440913+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	36.1.2
2025-06-02T22:09:11.537458+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	36.1.2
2025-06-02T20:15:48.955624+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	36.1.2
2025-06-02T20:15:48.872966+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	36.1.2
2025-04-03T19:39:11.354275+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	36.0.0
2025-04-03T19:37:03.235018+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	36.0.0
2025-04-03T16:23:16.127547+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	36.0.0
2025-04-03T16:23:15.875666+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	36.0.0
2025-02-18T04:38:08.770603+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	35.1.0
2025-02-18T04:38:08.196561+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	35.1.0
2025-02-17T22:16:56.456368+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	35.1.0
2025-02-17T22:16:56.219387+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	35.1.0
2024-11-21T01:33:12.056613+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	35.0.0
2024-11-20T21:52:48.627676+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	35.0.0
2024-11-19T01:12:18.172139+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.3.2
2024-11-18T21:50:09.694490+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.3.2
2024-10-08T01:48:12.829232+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.2
2024-10-07T22:49:30.524984+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.2
2024-10-07T16:46:24.851097+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	https://github.com/advisories/GHSA-38x2-fp9m-87mx	34.0.2
2024-09-23T01:49:53.237833+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.1
2024-09-22T17:10:20.133017+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	https://github.com/advisories/GHSA-38x2-fp9m-87mx	34.0.1
2024-09-17T22:37:35.283426+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.1
2024-04-24T04:10:36.722855+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc4
2024-04-24T04:10:36.112150+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.0rc4
2024-04-24T00:55:21.932753+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.0rc4
2024-04-24T00:55:21.668700+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	34.0.0rc4
2024-04-23T17:59:51.336653+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	https://github.com/advisories/GHSA-38x2-fp9m-87mx	34.0.0rc4
2024-04-23T17:59:50.424938+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc4
2024-01-10T06:46:38.946258+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc2
2024-01-10T06:46:38.349121+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.0rc2
2024-01-10T03:18:59.736783+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.0rc2
2024-01-10T03:18:59.471673+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	34.0.0rc2
2024-01-09T19:56:14.024063+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	https://github.com/advisories/GHSA-38x2-fp9m-87mx	34.0.0rc2
2024-01-09T19:56:13.148392+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc2
2024-01-03T23:32:59.490581+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc1
2024-01-03T23:32:58.881967+00:00	GitLab Importer	Affected by	VCID-7uaz-br64-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml	34.0.0rc1
2024-01-03T19:56:38.092049+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	None	34.0.0rc1
2024-01-03T18:00:29.373551+00:00	GitLab Importer	Fixing	VCID-m6hu-ghyn-aaan	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml	34.0.0rc1
2024-01-03T15:25:03.883337+00:00	GHSA Importer	Affected by	VCID-7uaz-br64-aaar	None	34.0.0rc1

2025-06-20T15:41:19.291144+00:00

GitLab Importer

Affected by

Next non-vulnerable version	2.6.12
Latest non-vulnerable version	3.1.11
Risk	4.5