Search for vulnerabilities
Vulnerability details: VCID-su1r-fv61-aaap
Vulnerability ID VCID-su1r-fv61-aaap
Aliases CVE-2013-2160
GHSA-254q-rp36-v2m8
Summary Denial of Service Attacks on Apache CXF The streaming XML parser in this package remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of elements, attributes, nested constructs, and possibly other vectors.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-399 Resource Management Errors
CWE-112 Missing XML Validation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://jira.codehaus.org/browse/WSTX-285
generic_textual MODERATE http://jira.codehaus.org/browse/WSTX-287
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1028.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1437.html
rhas Important https://access.redhat.com/errata/RHSA-2013:1028
rhas Important https://access.redhat.com/errata/RHSA-2013:1185
rhas Important https://access.redhat.com/errata/RHSA-2013:1437
epss 0.03061 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.03061 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.03061 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.03061 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.04301 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.04301 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.04301 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.04301 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.04301 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.04301 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.04301 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.04301 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.04301 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.05323 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.18532 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.18532 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.18532 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.203 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
epss 0.25799 https://api.first.org/data/v1/epss?cve=CVE-2013-2160
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=929197
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-254q-rp36-v2m8
cvssv3.1 6.1 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
generic_textual CRITICAL https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 5.3 https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 6.1 https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-2160
Reference id Reference type URL
http://jira.codehaus.org/browse/WSTX-285
http://jira.codehaus.org/browse/WSTX-287
http://rhn.redhat.com/errata/RHSA-2013-1028.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2160.json
https://api.first.org/data/v1/epss?cve=CVE-2013-2160
https://bugzilla.redhat.com/show_bug.cgi?id=929197
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2160
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*
CVE-2013-2160 https://nvd.nist.gov/vuln/detail/CVE-2013-2160
CVE-2013-2160;OSVDB-95011 Exploit http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
CVE-2013-2160;OSVDB-95011 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/26710.txt
CVE-2013-2160.TXT.ASC https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
GHSA-254q-rp36-v2m8 https://github.com/advisories/GHSA-254q-rp36-v2m8
RHSA-2013:1028 https://access.redhat.com/errata/RHSA-2013:1028
RHSA-2013:1185 https://access.redhat.com/errata/RHSA-2013:1185
RHSA-2013:1437 https://access.redhat.com/errata/RHSA-2013:1437
Data source Exploit-DB
Date added July 9, 2013
Description Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service
Ransomware campaign use Known
Source publication date July 9, 2013
Exploit type dos
Platform multiple
Source update date July 9, 2013
Source URL http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-2160
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.90781
EPSS Score 0.03061
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.