Search for packages
Package details: pkg:maven/org.apache.cxf/cxf-rt-ws-security@2.5.7
purl pkg:maven/org.apache.cxf/cxf-rt-ws-security@2.5.7
Next non-vulnerable version 2.6.12
Latest non-vulnerable version 3.1.11
Risk 4.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-7uaz-br64-aaar
Aliases:
CVE-2014-0034
GHSA-38x2-fp9m-87mx
CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
2.6.12
Affected by 0 other vulnerabilities.
2.7.9
Affected by 0 other vulnerabilities.
VCID-bd4x-va5p-aaar
Aliases:
CVE-2012-5633
GHSA-xf9f-32gh-h2w4
Bypass of security constraints on WS endpoints when using WSS4JInInterceptor The `URIMappingInterceptor` in this package bypasses `WS-Security` processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
2.5.8
Affected by 2 other vulnerabilities.
2.6.5
Affected by 2 other vulnerabilities.
2.7.2
Affected by 2 other vulnerabilities.
VCID-m6hu-ghyn-aaan
Aliases:
CVE-2013-0239
GHSA-p5c5-6564-vvr8
UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate When the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
2.5.9
Affected by 1 other vulnerability.
2.6.6
Affected by 1 other vulnerability.
2.7.3
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T15:41:19.270912+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar None 36.1.3
2025-06-20T15:40:07.222058+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 36.1.3
2025-06-20T13:45:43.022939+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 36.1.3
2025-06-20T13:45:42.956311+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan None 36.1.3
2025-06-20T13:45:42.869260+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 36.1.3
2025-06-20T13:45:42.792351+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar None 36.1.3
2025-06-03T22:21:35.644440+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar None 36.1.0
2025-06-03T22:20:23.411423+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 36.1.0
2025-06-03T20:36:36.523041+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 36.1.0
2025-06-03T20:36:36.462534+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan None 36.1.0
2025-06-03T20:36:36.382820+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 36.1.0
2025-06-03T20:36:36.308708+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar None 36.1.0
2025-06-02T22:10:29.418223+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar None 36.1.2
2025-06-02T22:09:11.514497+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 36.1.2
2025-06-02T20:15:49.003023+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 36.1.2
2025-06-02T20:15:48.940653+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan None 36.1.2
2025-06-02T20:15:48.854318+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 36.1.2
2025-06-02T20:15:48.767574+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar None 36.1.2
2025-04-03T19:39:11.300715+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar None 36.0.0
2025-04-03T19:37:03.181335+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 36.0.0
2025-04-03T16:23:16.272570+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 36.0.0
2025-04-03T16:23:16.078513+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan None 36.0.0
2025-04-03T16:23:15.818525+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 36.0.0
2025-04-03T16:23:15.589721+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar None 36.0.0
2025-02-18T04:38:08.717543+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar None 35.1.0
2025-02-18T04:38:08.142542+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 35.1.0
2025-02-17T22:16:56.403497+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 35.1.0
2025-02-17T22:16:56.172458+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan None 35.1.0
2025-02-17T22:16:27.072218+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar None 35.1.0
2025-02-17T22:16:26.873215+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 35.1.0
2024-11-21T01:33:12.003049+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 35.0.0
2024-11-20T21:52:48.575518+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 35.0.0
2024-11-20T21:52:36.540143+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 35.0.0
2024-11-19T01:12:18.119461+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 34.3.2
2024-11-18T21:50:09.643039+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 34.3.2
2024-11-18T21:50:00.280573+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 34.3.2
2024-10-08T01:48:12.773841+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 34.0.2
2024-10-07T22:49:30.475520+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 34.0.2
2024-10-07T22:49:18.799549+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 34.0.2
2024-10-07T16:46:24.798673+00:00 GHSA Importer Affected by VCID-7uaz-br64-aaar https://github.com/advisories/GHSA-38x2-fp9m-87mx 34.0.2
2024-09-23T01:49:53.184980+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 34.0.1
2024-09-22T23:05:06.957889+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 34.0.1
2024-09-22T17:10:20.080661+00:00 GHSA Importer Affected by VCID-7uaz-br64-aaar https://github.com/advisories/GHSA-38x2-fp9m-87mx 34.0.1
2024-09-17T22:37:35.102665+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 34.0.1
2024-04-24T04:10:36.671397+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar None 34.0.0rc4
2024-04-24T04:10:36.059503+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 34.0.0rc4
2024-04-24T00:55:21.882165+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 34.0.0rc4
2024-04-24T00:55:21.623520+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan None 34.0.0rc4
2024-04-24T00:55:00.027520+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar None 34.0.0rc4
2024-04-24T00:54:59.810110+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 34.0.0rc4
2024-04-23T17:59:51.285453+00:00 GHSA Importer Affected by VCID-7uaz-br64-aaar https://github.com/advisories/GHSA-38x2-fp9m-87mx 34.0.0rc4
2024-04-23T17:59:50.372556+00:00 GHSA Importer Affected by VCID-7uaz-br64-aaar None 34.0.0rc4
2024-01-10T06:46:38.895491+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar None 34.0.0rc2
2024-01-10T06:46:38.298159+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 34.0.0rc2
2024-01-10T03:18:59.686215+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 34.0.0rc2
2024-01-10T03:18:59.426298+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan None 34.0.0rc2
2024-01-10T03:18:39.045334+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar None 34.0.0rc2
2024-01-10T03:18:38.817000+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 34.0.0rc2
2024-01-09T19:56:13.973027+00:00 GHSA Importer Affected by VCID-7uaz-br64-aaar https://github.com/advisories/GHSA-38x2-fp9m-87mx 34.0.0rc2
2024-01-09T19:56:13.097541+00:00 GHSA Importer Affected by VCID-7uaz-br64-aaar None 34.0.0rc2
2024-01-03T23:32:59.439700+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar None 34.0.0rc1
2024-01-03T23:32:58.830772+00:00 GitLab Importer Affected by VCID-7uaz-br64-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2014-0034.yml 34.0.0rc1
2024-01-03T19:56:38.311075+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2013-0239.yml 34.0.0rc1
2024-01-03T19:56:38.046473+00:00 GitLab Importer Affected by VCID-m6hu-ghyn-aaan None 34.0.0rc1
2024-01-03T19:56:17.512049+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar None 34.0.0rc1
2024-01-03T18:00:29.204436+00:00 GitLab Importer Affected by VCID-bd4x-va5p-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2012-5633.yml 34.0.0rc1
2024-01-03T15:25:03.832842+00:00 GHSA Importer Affected by VCID-7uaz-br64-aaar None 34.0.0rc1