VulnerableCode Package Details - pkg:maven/org.apache.cxf/cxf-api@2.5-alpha0

Search for packages

Vulnerability	Summary	Fixed by
VCID-6f55-kdyu-aaac Aliases: CVE-2012-3451 GHSA-55j7-f5wf-43m4	SOAPAction spoofing on document literal web services This package allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.	2.5.5 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.6.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-su1r-fv61-aaap Aliases: CVE-2013-2160 GHSA-254q-rp36-v2m8	Denial of Service Attacks on Apache CXF The streaming XML parser in this package remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of elements, attributes, nested constructs, and possibly other vectors.	2.5.10 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.6.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6f55-kdyu-aaac
Aliases:
CVE-2012-3451
GHSA-55j7-f5wf-43m4

SOAPAction spoofing on document literal web services This package allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

2.5.5
Affected by 3 other vulnerabilities.

2.6.2
Affected by 3 other vulnerabilities.

VCID-su1r-fv61-aaap
Aliases:
CVE-2013-2160
GHSA-254q-rp36-v2m8

Denial of Service Attacks on Apache CXF The streaming XML parser in this package remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of elements, attributes, nested constructs, and possibly other vectors.

2.5.10
Affected by 2 other vulnerabilities.

2.6.7
Affected by 2 other vulnerabilities.

2.7.4
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-09-17T22:37:32.539068+00:00	GitLab Importer	Affected by	VCID-su1r-fv61-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-api/CVE-2013-2160.yml	34.0.1
2024-09-17T22:37:32.415751+00:00	GitLab Importer	Affected by	VCID-6f55-kdyu-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-api/CVE-2012-3451.yml	34.0.1
2024-01-03T18:00:26.821361+00:00	GitLab Importer	Affected by	VCID-su1r-fv61-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-api/CVE-2013-2160.yml	34.0.0rc1
2024-01-03T18:00:26.704522+00:00	GitLab Importer	Affected by	VCID-6f55-kdyu-aaac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-api/CVE-2012-3451.yml	34.0.0rc1