pkg:maven/org.apache.cxf/cxf
Type
maven
Namespace
org.apache.cxf
Name
cxf
Known advisories, vulnerabilities and fixes for org.apache.cxf/cxf package.
Critical
2
High
6
Moderate
5
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 2.6.0, < 2.6.1 >= 2.5.0, < 2.5.4 >= 2.4.0, < 2.4.8 |
CVE-2012-2379
|
 MAVEN:GHSA-2G99-C67P-56HM
|
XML Signature/Encryption Not Validated in Apache CXF | high |
2022-05-13T01:09:22
(2 years ago) |
|
| Fixed | = 2.6.1 = 2.5.4 = 2.4.8 |
CVE-2012-2379
|
MAVEN:GHSA-2G99-C67P-56HM
|
XML Signature/Encryption Not Validated in Apache CXF | high |
2022-05-13T01:09:22
(2 years ago) |
|
| Affected | >= 2.5.0, <= 2.5.1 >= 2.4.0, <= 2.4.5 |
CVE-2012-0803
|
MAVEN:GHSA-2P7X-JCR3-7P2C
|
Improper Authentication in Apache CXF | critical |
2022-05-13T01:09:22
(2 years ago) |
|
| Fixed | = 2.5.2 = 2.4.6 |
CVE-2012-0803
|
MAVEN:GHSA-2P7X-JCR3-7P2C
|
Improper Authentication in Apache CXF | critical |
2022-05-13T01:09:22
(2 years ago) |
|
| Affected | >= 3.3.0, < 3.3.5 < 3.2.12 |
CVE-2019-12423
|
MAVEN:GHSA-42F2-F9VC-6365
|
Private key leak in Apache CXF | high |
2020-05-22T19:23:04
(4 years ago) |
|
| Fixed | = 3.3.5 = 3.2.12 |
CVE-2019-12423
|
MAVEN:GHSA-42F2-F9VC-6365
|
Private key leak in Apache CXF | high |
2020-05-22T19:23:04
(4 years ago) |
|
| Affected | >= 2.6.0, < 2.6.2 >= 2.5.0, < 2.5.5 < 2.4.9 |
CVE-2012-3451
|
MAVEN:GHSA-55J7-F5WF-43M4
|
Remote web-service operation execution in Apache CXF | high |
2022-05-13T01:09:21
(2 years ago) |
|
| Fixed | = 2.6.2 = 2.5.5 = 2.4.9 |
CVE-2012-3451
|
MAVEN:GHSA-55J7-F5WF-43M4
|
Remote web-service operation execution in Apache CXF | high |
2022-05-13T01:09:21
(2 years ago) |
|
| Affected | >= 3.3.0, < 3.3.4 < 3.2.11 |
CVE-2019-12406
|
MAVEN:GHSA-58P8-9G59-Q2HR
|
Potential DOS attack due to unrestricted attachment count in messages | moderate |
2019-11-08T17:15:11
(4 years ago) |
|
| Fixed | = 3.3.4 = 3.2.11 |
CVE-2019-12406
|
MAVEN:GHSA-58P8-9G59-Q2HR
|
Potential DOS attack due to unrestricted attachment count in messages | moderate |
2019-11-08T17:15:11
(4 years ago) |
|
| Affected | >= 3.4.0, < 3.4.1 < 3.3.8 |
CVE-2020-13954
|
MAVEN:GHSA-64X2-GQ24-75PV
|
Cross-site scripting in Apache CXF | moderate |
2021-04-22T16:15:23
(3 years ago) |
|
| Fixed | = 3.4.1 = 3.3.8 |
CVE-2020-13954
|
MAVEN:GHSA-64X2-GQ24-75PV
|
Cross-site scripting in Apache CXF | moderate |
2021-04-22T16:15:23
(3 years ago) |
|
| Affected | < 3.3.10 >= 3.4.0, < 3.4.3 |
CVE-2021-22696
|
MAVEN:GHSA-7Q4H-PJ78-J7VG
|
Authorization service vulnerable to DDos attacks in Apache CFX | high |
2021-05-13T22:31:05
(3 years ago) |
|
| Fixed | = 3.3.10 = 3.4.3 |
CVE-2021-22696
|
MAVEN:GHSA-7Q4H-PJ78-J7VG
|
Authorization service vulnerable to DDos attacks in Apache CFX | high |
2021-05-13T22:31:05
(3 years ago) |
|
| Affected | >= 3.3.0, < 3.3.4 < 3.2.11 |
CVE-2019-12419
|
MAVEN:GHSA-CW6W-Q88J-6MQF
|
Potential session hijack in Apache CXF | critical |
2019-11-08T17:12:59
(4 years ago) |
|
| Fixed | = 3.3.4 = 3.2.11 |
CVE-2019-12419
|
MAVEN:GHSA-CW6W-Q88J-6MQF
|
Potential session hijack in Apache CXF | critical |
2019-11-08T17:12:59
(4 years ago) |
|
| Affected | >= 3.3.0, < 3.3.5 < 3.2.12 |
CVE-2019-17573
|
MAVEN:GHSA-F93P-F762-VR53
|
Reflected Cross-Site Scripting in Apache CXF | moderate |
2020-06-10T20:02:33
(4 years ago) |
|
| Fixed | = 3.3.5 = 3.2.12 |
CVE-2019-17573
|
MAVEN:GHSA-F93P-F762-VR53
|
Reflected Cross-Site Scripting in Apache CXF | moderate |
2020-06-10T20:02:33
(4 years ago) |
|
| Affected | < 3.3.11 >= 3.4.0, < 3.4.4 |
CVE-2021-30468
|
MAVEN:GHSA-G23V-P5JQ-JVH4
|
Infinite loop in Apache CFX | high |
2022-01-06T18:37:14
(2 years ago) |
|
| Fixed | = 3.3.11 = 3.4.4 |
CVE-2021-30468
|
MAVEN:GHSA-G23V-P5JQ-JVH4
|
Infinite loop in Apache CFX | high |
2022-01-06T18:37:14
(2 years ago) |
|
| Affected | < 3.1.16 >= 3.2.0, < 3.2.5 |
CVE-2018-8039
|
MAVEN:GHSA-JC7R-V6FG-2GPF
|
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* | high |
2018-10-19T16:40:01
(5 years ago) |
|
| Fixed | = 3.1.16 = 3.2.5 |
CVE-2018-8039
|
MAVEN:GHSA-JC7R-V6FG-2GPF
|
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* | high |
2018-10-19T16:40:01
(5 years ago) |
|
| Affected | >= 2.6.0, < 2.6.1 >= 2.5.1, < 2.5.3 >= 2.4.5, < 2.4.8 |
CVE-2012-2378
|
MAVEN:GHSA-VJPC-VF4F-82QG
|
Improper Authentication in Apache CXF | moderate |
2022-05-13T01:09:22
(2 years ago) |
|
| Fixed | = 2.6.1 = 2.5.3 = 2.4.8 |
CVE-2012-2378
|
MAVEN:GHSA-VJPC-VF4F-82QG
|
Improper Authentication in Apache CXF | moderate |
2022-05-13T01:09:22
(2 years ago) |
|
| Affected | >= 2.7.0, < 2.7.2 >= 2.6.0, < 2.6.5 < 2.5.8 |
CVE-2012-5633
|
MAVEN:GHSA-XF9F-32GH-H2W4
|
Improper Authentication in Apache CXF | moderate |
2022-05-13T01:09:21
(2 years ago) |
|
| Fixed | = 2.7.2 = 2.6.5 = 2.5.8 |
CVE-2012-5633
|
MAVEN:GHSA-XF9F-32GH-H2W4
|
Improper Authentication in Apache CXF | moderate |
2022-05-13T01:09:21
(2 years ago) |