{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3a96e120-5aa4-57f7-a058-21da6570afb2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-http-signature", "version": "3.5.11-tuxcare.2", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f5934eac-d5a4-5376-8276-a943a3be5608", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7142e5e2-7ec1-5c6c-8ff3-989da909300f", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a49e06d-829a-5544-82d8-002b1bf5bd30", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57dd5981-6ab7-53a2-8318-a49fae84a5a4", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b85b7c4-e698-55bd-9091-e4010c71ba42", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d47b2929-3534-5608-b359-45e44dc84256", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fee6ca1-335e-532d-a900-b4befd49b8ae", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8051746b-f55f-5ee1-9a5f-7c30dbe4697a", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3450068-c3f4-5c93-bd79-93136501ab6f", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eabf02d4-9a3c-5823-bb88-389dd71b7eb7", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fe8d432-14c5-5410-92a6-db44def14b15", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e05b13a-0454-5743-b9ba-eb61bc678b4b", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3a4764e-3175-5c9e-89fd-40da3bec87d7", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b58799a-c37a-54ee-87e2-3da3768e3fb4", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44e37781-3c68-5858-a437-38cf96691f0b", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f34113e-a3a8-558d-83ec-46c2585cb53a", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ca5ef88-df25-5df1-bd19-5397ea7ebe68", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e460801d-3957-5dea-8ddf-bcdae7513229", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c8ea8dd-d18c-5782-bdf4-4162463d34f3", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:276bf580-5b63-5d5c-9975-22a723e8bd2e", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7e3cf19-dfd5-5536-be83-fe198b7a79a0", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23ba81f9-89d0-5421-9279-13535c78b3ed", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aecb9b0b-1e12-523a-a1a2-9f882cf1d233", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:657be8b0-d3bc-50ba-8a63-1352722b98ee", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5759d542-a61c-5219-8b29-ede73aa268b3", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec2d22ff-b35d-59e9-ab87-cbd2cad4cad1", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae9f277b-dfb7-5f69-af20-b7dfb3d778cc", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:648153e4-88da-596d-b936-404165527aff", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3bf7d6d-4599-54af-9254-33b247941b03", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da595560-81f0-5e36-9675-b1bc9a8eaca5", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.11-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24ff074f-e9b5-50d7-a6eb-77e6eb971432", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:753a79b7-1bad-55c3-93cd-c475d47fc566", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.2 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.2" } ] }