org.apache.cxf:cxf-rt-transports-http
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.cxf:cxf-rt-transports-httppage 1 of 1
- CVE-2012-5575NONECVSS 0.0EG 0.0✓ Fixed in 2.7.42013-08-19
vulnerable: 2.7.0, 2.7.1, 2.7.2, 2.7.3
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remot…
- CVE-2018-8039HIGHCVSS 8.1EG 8.1✓ Fixed in 3.1.162018-07-02
vulnerable: 2.0.10 ... 3.1.9 (139 versions)
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection t…
- CVE-2024-41172HIGHCVSS 7.5EG 7.5✓ Fixed in 3.6.42024-07-19
vulnerable: 3.6.0, 3.6.1, 3.6.2, 3.6.3
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue …
Check whether org.apache.cxf:cxf-rt-transports-http is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.cxf:cxf-rt-transports-http CVEs against the assets you own.
Start Free Scan →