Lucene search

K
ApacheCxf2.5.4

6 matches found

CVE
CVE
added 2013/08/19 11:55 p.m.84 views

CVE-2012-5575

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorit...

6.4CVSS5.7AI score0.08385EPSS
CVE
CVE
added 2013/03/12 11:55 p.m.81 views

CVE-2012-5633

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

5.8CVSS9.1AI score0.02299EPSS
CVE
CVE
added 2013/08/19 11:55 p.m.75 views

CVE-2013-2160

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vec...

5CVSS7AI score0.203EPSS
CVE
CVE
added 2013/03/12 11:55 p.m.64 views

CVE-2013-0239

Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.

5CVSS9.4AI score0.04757EPSS
CVE
CVE
added 2014/05/08 2:29 p.m.60 views

CVE-2014-0109

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.

4.3CVSS8.6AI score0.06069EPSS
CVE
CVE
added 2014/05/08 2:29 p.m.53 views

CVE-2014-0110

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.

4.3CVSS8.6AI score0.06069EPSS