Lucene search
K

44 matches found

Cvelist
Cvelist
added 2026/05/01 9:46 a.m.61 views

CVE-2026-42404 Apache Neethi: Unrestricted HTTP Redirect Following in Policy References

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

6.5CVSS0.00497EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/01 9:46 a.m.3 views

CVE-2026-42404 Apache Neethi: Unrestricted HTTP Redirect Following in Policy References

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

6.5CVSS5.9AI score0.00497EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/01 9:46 a.m.5 views

CVE-2026-42404

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

6.5CVSS5.9AI score0.00497EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/01 9:46 a.m.32 views

EUVD-2026-26491

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

7.2CVSS5.9AI score0.00497EPSS
Exploits0References1
CVE
CVE
added 2026/05/01 9:46 a.m.51 views

CVE-2026-42404

CVE-2026-42404 — Apache Neethi : The PolicyReference API allows an application calling a remote policy reference to initiate outbound requests to arbitrary protocols/IPs, with no URI restrictions pre-3.2.2. Reports indicate the issue enables unrestricted HTTP redirection when fetching remote poli...

7.2CVSS5.9AI score0.00497EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/01 9:30 a.m.8 views

ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), be.eliwan:eoddata-client (=1.0) +2590 more potentially affected by CVE-2026-42403 via org.apache.neethi:neethi (>=2.0 <=3.2.1)

org.apache.neethi:neethi MAVEN version =2.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.00.4, =3.00.3, =4.00.10, =11.4-37, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2026-42403 Source advisory: OSV:GHSA-2HFH-9H53-QC24...

7.5CVSS5.4AI score0.00763EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/01 9:30 a.m.8 views

ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), be.eliwan:eoddata-client (=1.0) +2590 more potentially affected by CVE-2026-42402 via org.apache.neethi:neethi (>=2.0 <=3.2.1)

org.apache.neethi:neethi MAVEN version =2.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.00.4, =3.00.3, =4.00.10, =11.4-37, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2026-42402 Source advisory: OSV:GHSA-G36M-9G3M-2VMP...

7.5CVSS5.4AI score0.00711EPSS
Exploits0
OSV
OSV
added 2026/05/01 9:30 a.m.3 views

GHSA-G36M-9G3M-2VMP Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS5.7AI score0.00711EPSS
Exploits0References4
OSV
OSV
added 2026/05/01 9:30 a.m.5 views

GHSA-2HFH-9H53-QC24 Apache Neethi does not properly detect circular references in policy definitions.

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

7.5CVSS5.8AI score0.00763EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.10 views

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS5.7AI score0.00711EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.11 views

Apache Neethi does not properly detect circular references in policy definitions.

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

7.5CVSS5.8AI score0.00763EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/01 9:16 a.m.5 views

CVE-2026-42403

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

7.5CVSS0.00763EPSS
Exploits0References2
NVD
NVD
added 2026/05/01 9:16 a.m.3 views

CVE-2026-42402

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS0.00711EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:54 a.m.5 views

CVE-2026-42402

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS5.7AI score0.00711EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/01 8:54 a.m.5 views

CVE-2026-42402 Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS5.7AI score0.00711EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/01 8:54 a.m.7 views

EUVD-2026-26485

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS5.7AI score0.00711EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/01 8:38 a.m.5 views

EUVD-2026-26486

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

7.5CVSS5.8AI score0.00763EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:38 a.m.6 views

CVE-2026-42403

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

7.5CVSS5.8AI score0.00763EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/01 8:38 a.m.4 views

CVE-2026-42403 Apache Neethi: Circular Policy Reference Infinite Loop

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

7.5CVSS5.8AI score0.00763EPSS
Exploits0References1
CVE
CVE
added 2026/05/01 8:38 a.m.91 views

CVE-2026-42403

Apache Neethi (CVE-2026-42403) can fail to detect circular WS-Policy references during policy normalization, causing infinite recursion or an infinite loop that may lead to stack overflow or application hang. An attacker can craft policy documents with circular references, resulting in Denial of ...

7.5CVSS5.8AI score0.00763EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder