VYPR

Maven package

org.apache.cxf/cxf-rt-transports-http

pkg:maven/org.apache.cxf/cxf-rt-transports-http

Vulnerabilities (3)

  • CVE-2024-41172Jul 19, 2024
    affected >= 4.0.0, < 4.0.5fixed 4.0.5

    In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the appli

  • CVE-2018-8039HigJul 2, 2018
    affected >= 3.2.0, < 3.2.5fixed 3.2.5

    It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work w

  • CVE-2012-5575Aug 19, 2013
    affected >= 2.5.0, < 2.5.10fixed 2.5.10

    Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cr