Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/01 11:26 a.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the normalization performed by the AbstractPolicyOperator class. An attacker can cause unbounded memory allocation and exhaust the JVM heap by submitting malicious WS-Policy...

8.7CVSS5.8AI score0.00711EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/01 8:54 a.m.7 views

EUVD-2026-26485

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS5.7AI score0.00711EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/01 8:38 a.m.30 views

CVE-2026-42403 Apache Neethi: Circular Policy Reference Infinite Loop

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

7.5CVSS0.00763EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2012/12/18 10:17 p.m.6 views

apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the 1 AlgorithmSuite, 2 SignedParts, 3 SignedElements, 4...

4.3CVSS7.4AI score0.03926EPSS
Exploits0References5
Rows per page
Query Builder