Search for vulnerabilities
Vulnerability details: VCID-7uaz-br64-aaar
Vulnerability ID VCID-7uaz-br64-aaar
Aliases CVE-2014-0034
GHSA-38x2-fp9m-87mx
Summary CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-20 Improper Input Validation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-345 Insufficient Verification of Data Authenticity
System Score Found at
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0797.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0798.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0799.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1351.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-0850.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-0851.html
rhas Moderate https://access.redhat.com/errata/RHSA-2014:0797
rhas Moderate https://access.redhat.com/errata/RHSA-2014:0798
rhas Moderate https://access.redhat.com/errata/RHSA-2014:0799
rhas Important https://access.redhat.com/errata/RHSA-2014:1351
rhas Important https://access.redhat.com/errata/RHSA-2015:0850
rhas Important https://access.redhat.com/errata/RHSA-2015:0851
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.01861 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
epss 0.02302 https://api.first.org/data/v1/epss?cve=CVE-2014-0034
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1093529
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-38x2-fp9m-87mx
cvssv3.1 3.7 https://github.com/apache/cxf
generic_textual LOW https://github.com/apache/cxf
generic_textual MODERATE https://github.com/apache/cxf/commit/b4b9a010bb23059251400455afabddee15b46127
cvssv3.1 6.1 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
generic_textual CRITICAL https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 5.3 https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 6.1 https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2014-0034
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1551228
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2014-0797.html
http://rhn.redhat.com/errata/RHSA-2014-0798.html
http://rhn.redhat.com/errata/RHSA-2014-0799.html
http://rhn.redhat.com/errata/RHSA-2014-1351.html
http://rhn.redhat.com/errata/RHSA-2015-0850.html
http://rhn.redhat.com/errata/RHSA-2015-0851.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0034.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0034
https://github.com/apache/cxf
https://github.com/apache/cxf/commit/b4b9a010bb23059251400455afabddee15b46127
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
http://svn.apache.org/viewvc?view=revision&revision=1551228
http://www.securityfocus.com/bid/68441
1093529 https://bugzilla.redhat.com/show_bug.cgi?id=1093529
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*
CVE-2014-0034 https://nvd.nist.gov/vuln/detail/CVE-2014-0034
CVE-2014-0034.TXT.ASC http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc
GHSA-38x2-fp9m-87mx https://github.com/advisories/GHSA-38x2-fp9m-87mx
RHSA-2014:0797 https://access.redhat.com/errata/RHSA-2014:0797
RHSA-2014:0798 https://access.redhat.com/errata/RHSA-2014:0798
RHSA-2014:0799 https://access.redhat.com/errata/RHSA-2014:0799
RHSA-2014:1351 https://access.redhat.com/errata/RHSA-2014:1351
RHSA-2015:0850 https://access.redhat.com/errata/RHSA-2015:0850
RHSA-2015:0851 https://access.redhat.com/errata/RHSA-2015:0851
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/cxf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-0034
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.57580
EPSS Score 0.00193
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.