Maven package
org.apache.cxf/cxf-rt-transports-http
pkg:maven/org.apache.cxf/cxf-rt-transports-http
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41172 | — | | | >= 4.0.0, < 4.0.5 | 4.0.5 | Jul 19, 2024 | In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the appli |
| CVE-2018-8039 | Hig | 8.1 | | >= 3.2.0, < 3.2.5 | 3.2.5 | Jul 2, 2018 | It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work w |
| CVE-2012-5575 | — | | | >= 2.5.0, < 2.5.10 | 2.5.10 | Aug 19, 2013 | Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cr |