7 matches found

Snyk
added 2026/06/12 11:11 a.m., 7 views

Improperly Implemented Security Check for Standard

Overview: org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to a logic error in the OAuthRequestFilter request handler. An attacker can bypass intended IP address restrictions...

CVSS 9.8 | AI score 5.4 | EPSS 0.00629
Exploits: 0 | References: 2
vulnersOsv
added 2026/01/30 3:31 p.m., 6 views

io.github.rzo1.org.apache.cxf:apache-cxf (=4.2.0-tomee-m0-071068f), io.github.rzo1.org.apache.cxf:cxf-distribution-javadoc (=4.2.0-tomee-m0-071068f) +9 more potentially affected by CVE-2024-4027 via io.undertow:undertow-core (=2.4.0.Alpha1)

io.undertow:undertow-core MAVEN version =2.4.0.Alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on io.undertow:undertow-core and may be impacted: - io.github.rzo1.org.apache.cxf:apache-cxf =4.2.0-tomee-m0-071068f -...

CVSS 7.5 | AI score 5.8 | EPSS 0.00575
Exploits: 0
vulnersOsv
added 2022/05/13 1:9 a.m., 5 views

com.eurodyn.qlack2.util:qlack2-util-apache-santuario-fragment (>=2.3.3 <=2.3.19), com.eurodyn.qlack2.util:qlack2-util-sso (>=2.3.3 <=2.3.19) +10 more potentially affected by CVE-2015-5253 via org.apache.cxf:cxf-rt-rs-security-sso-saml (>=3.1.0 <=3.1.2)

org.apache.cxf:cxf-rt-rs-security-sso-saml MAVEN version =3.1.0, =2.3.3, =2.3.3, =1.3.2, =1.4.0, =1.3.2, =1.4.0, =3.1.0, =3.1.0, =2.0.3, =2.0.3, =5.2.0-RC1, =5.2.0-RC3 Source cves: CVE-2015-5253 Source advisory: OSV:GHSA-3336-H95J-HVVF...

CVSS 4 | AI score 7.2 | EPSS 0.05696
Exploits: 0
vulnersOsv
added 2022/05/02 3:13 a.m., 6 views

org.apache.camel:camel-xmlsecurity (>=2.0-M1 <=2.5.0), org.apache.cxf.dosgi.samples:cxf-dosgi-ri-samples-greeter-client (=1.0) +71 more potentially affected by CVE-2009-0217 via org.apache.santuario:xmlsec (=1.4.2)

org.apache.santuario:xmlsec MAVEN version =1.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.santuario:xmlsec and may be impacted: - org.apache.camel:camel-xmlsecurity =2.0-M1, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.2.2...

CVSS 5 | AI score 7.1 | EPSS 0.06348
Exploits: 0
CNVD
added 2015/11/19 12:0 a.m., 3 views

Apache CXF SAML Web SSO Module Authentication Bypass Vulnerability

Apache CXF is an open source service framework for the use of JAX-WS, JAX-RS and other front-end programming API compilation and development services. A security vulnerability in the SAML Web SSO module of Apache CXF allows remote attackers to bypass authentication by constructing specially craft...

CVSS 4 | AI score 8.4 | EPSS 0.05696
Exploits: 0 | References: 1
RedHat Linux
added 2014/11/25 4:48 p.m., 5 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix

It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

CVSS 5.8 | AI score 6.7 | EPSS 0.09254
Exploits: 0 | References: 4
RedHat Linux
added 2014/09/29 8:11 p.m., 6 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix

It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

CVSS 5.8 | AI score 6.7 | EPSS 0.09254
Exploits: 0 | References: 4