org.apache.cxf:cxf-bundle-minimal@2.5.8 vulnerabilities
-
latest version
2.7.18
-
latest non vulnerable version
-
first published
16 years ago
-
latest version published
8 years ago
-
licenses detected
- [2.0.8,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.cxf:cxf-bundle-minimal package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.cxf:cxf-bundle-minimal is an open source services framework. Affected versions of this package are vulnerable to Denial of Service (DoS) via a large invalid SOAP message. How to fix Denial of Service (DoS)? Upgrade |
[2.1.10,2.2)
[2.2.6,2.6.14)
[2.7.0,2.7.11)
|
org.apache.cxf:cxf-bundle-minimal is an open source services framework. Affected versions of this package are vulnerable to Information Exposure. The How to fix Information Exposure? Upgrade |
[2.0.6,2.6.13)
[2.7.0,2.7.10)
|
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. |
[2.4.1,2.5.9)
[2.6.0,2.6.6)
[2.7.0,2.7.3)
|