Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache cxf 2.5.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5633
The URIMappingInterceptor in Apache CXF prior to 2.5.8, 2.6.x prior to 2.6.5, and 2.7.x prior to 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote malicious users to obtain access to SOAP services via an HTTP GET request.
Apache Cxf 2.5.2
Apache Cxf 2.5.3
Apache Cxf 2.5.0
Apache Cxf 2.5.1
Apache Cxf 2.5.5
Apache Cxf 2.5.6
Apache Cxf
Apache Cxf 2.5.4
Apache Cxf 2.6.0
Apache Cxf 2.6.2
Apache Cxf 2.6.3
Apache Cxf 2.6.4
Apache Cxf 2.6.1
Apache Cxf 2.7.0
Apache Cxf 2.7.1
NA
CVE-2013-0239
Apache CXF prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote malicious users to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a...
Apache Cxf 2.5.2
Apache Cxf 2.4.6
Apache Cxf 2.5.3
Apache Cxf 2.4.0
Apache Cxf 2.4.3
Apache Cxf 2.5.7
Apache Cxf 2.4.4
Apache Cxf 2.4.2
Apache Cxf 2.5.0
Apache Cxf 2.5.1
Apache Cxf 2.5.5
Apache Cxf
Apache Cxf 2.4.1
Apache Cxf 2.5.6
Apache Cxf 2.4.7
Apache Cxf 2.4.5
Apache Cxf 2.5.4
Apache Cxf 2.6.0
Apache Cxf 2.6.2
Apache Cxf 2.6.5
Apache Cxf 2.6.3
Apache Cxf 2.6.4
NA
CVE-2012-5575
Apache CXF 2.5.x prior to 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote malicious users to force CXF to use w...
Apache Cxf 2.5.2
Apache Cxf 2.5.9
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Soa Platform 4.3.0
Apache Cxf 2.6.0
Apache Cxf 2.5.3
Apache Cxf 2.7.3
Apache Cxf 2.5.7
Redhat Jboss Fuse Esb Enterprise 7.1.0
Apache Cxf 2.6.2
Apache Cxf 2.5.0
Apache Cxf 2.5.1
Apache Cxf 2.5.5
Apache Cxf 2.5.8
Apache Cxf 2.6.5
Apache Cxf 2.7.0
Apache Cxf 2.6.6
Apache Cxf 2.6.3
Redhat Jboss Enterprise Portal Platform 4.3.0
Apache Cxf 2.5.6
Apache Cxf 2.6.4
Apache Cxf 2.6.1
NA
CVE-2012-2379
Apache CXF 2.4.x prior to 2.4.8, 2.5.x prior to 2.5.4, and 2.6.x prior to 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
Apache Cxf 2.4.6
Apache Cxf 2.4.0
Apache Cxf 2.4.3
Apache Cxf 2.4.4
Apache Cxf 2.4.2
Apache Cxf 2.4.1
Apache Cxf 2.4.7
Apache Cxf 2.4.5
Apache Cxf 2.5.2
Apache Cxf 2.5.3
Apache Cxf 2.5.0
Apache Cxf 2.5.1
Apache Cxf 2.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started