GHSA-3357-829x-m9pr

Source

https://github.com/advisories/GHSA-3357-829x-m9pr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-3357-829x-m9pr/GHSA-3357-829x-m9pr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3357-829x-m9pr

Aliases

CVE-2015-5175

Published

2018-10-18T16:57:00Z

Modified

2024-02-16T08:17:59.423130Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks

Details

Application plugins in Apache CXF Fediz prior to version 1.1.3 and 1.2.x prior to 1.2.1 allow remote attackers to create a denial of service.

Database specific

{
    "nvd_published_at": "2017-06-07T20:29:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:53:50Z"
}

References

Affected packages

Maven

org.apache.cxf.fediz:fediz-idp

Package

Name: org.apache.cxf.fediz:fediz-idp; View open source insights on deps.dev
Purl: pkg:maven/org.apache.cxf.fediz/fediz-idp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.3

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.1.0

1.1.1

1.1.2

org.apache.cxf.fediz:fediz-idp

Package

Name: org.apache.cxf.fediz:fediz-idp; View open source insights on deps.dev
Purl: pkg:maven/org.apache.cxf.fediz/fediz-idp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2

Fixed

1.2.1

Affected versions

1.*

1.2.0

org.apache.cxf.fediz:fediz-core

Package

Name: org.apache.cxf.fediz:fediz-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.cxf.fediz/fediz-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.3

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.1.0

1.1.1

1.1.2

org.apache.cxf.fediz:fediz-core

Package

Name: org.apache.cxf.fediz:fediz-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.cxf.fediz/fediz-core