Search for vulnerabilities
Vulnerability details: VCID-m6hu-ghyn-aaan
Vulnerability ID VCID-m6hu-ghyn-aaan
Aliases CVE-2013-0239
GHSA-p5c5-6564-vvr8
Summary UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate When the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-287 Improper Authentication
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0749.html
rhas Important https://access.redhat.com/errata/RHSA-2013:0644
rhas Important https://access.redhat.com/errata/RHSA-2013:0645
rhas Important https://access.redhat.com/errata/RHSA-2013:0649
rhas Important https://access.redhat.com/errata/RHSA-2013:0749
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.04757 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
epss 0.10113 https://api.first.org/data/v1/epss?cve=CVE-2013-0239
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=905722
generic_textual MODERATE http://seclists.org/fulldisclosure/2013/Feb/39
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/81981
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-p5c5-6564-vvr8
cvssv3.1 3.7 https://github.com/apache/cxf
generic_textual LOW https://github.com/apache/cxf
generic_textual MODERATE https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421
cvssv3.1 6.1 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
generic_textual CRITICAL https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 5.3 https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 6.1 https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-0239
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1438424
generic_textual MODERATE https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876
Reference id Reference type URL
http://osvdb.org/90078
http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html
http://rhn.redhat.com/errata/RHSA-2013-0749.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0239.json
https://api.first.org/data/v1/epss?cve=CVE-2013-0239
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239
http://seclists.org/fulldisclosure/2013/Feb/39
http://secunia.com/advisories/51988
https://exchange.xforce.ibmcloud.com/vulnerabilities/81981
https://github.com/apache/cxf
https://github.com/apache/cxf/commit/295a4e2f9eb3e7e0513980202949ccc424dee2d4
https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
http://svn.apache.org/viewvc?view=revision&revision=1438424
https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876
http://www.securityfocus.com/bid/57876
905722 https://bugzilla.redhat.com/show_bug.cgi?id=905722
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
CVE-2013-0239 https://nvd.nist.gov/vuln/detail/CVE-2013-0239
CVE-2013-0239.HTML http://cxf.apache.org/cve-2013-0239.html
GHSA-p5c5-6564-vvr8 https://github.com/advisories/GHSA-p5c5-6564-vvr8
RHSA-2013:0644 https://access.redhat.com/errata/RHSA-2013:0644
RHSA-2013:0645 https://access.redhat.com/errata/RHSA-2013:0645
RHSA-2013:0649 https://access.redhat.com/errata/RHSA-2013:0649
RHSA-2013:0749 https://access.redhat.com/errata/RHSA-2013:0749
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/cxf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-0239
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.70671
EPSS Score 0.00313
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.