The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Information Exposure vulnerabilities in an interactive lesson.
Start learningUpgrade org.apache.cxf:cxf-bundle
to version 2.6.13, 2.7.10 or higher.
org.apache.cxf:cxf-bundle is a services framework that helps you build and develop services using frontend programming APIs.
Affected versions of this package are vulnerable to Information Exposure. The SymmetricBinding
when EncryptBeforeSigning
is enabled and the UsernameToken
policy is set to an EncryptedSupportingToken
, transmits the UsernameToken
in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.