{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:177146c7-dc51-5d78-b6a6-10c757b31131", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-http-signature", "version": "3.5.11-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c1bea715-cf33-5df1-9377-d05731c4f544", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b3275736-cfcf-5eba-94f7-3b353278cc06", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:303999d5-9ee0-5d68-a749-c521051fc61d", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afb062cd-4ba9-52ad-abc4-794c87cd07b0", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de53d189-05c3-5a4b-9b24-6c88a7c18751", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0499876c-1263-572e-98b1-ca5fdb2b5e7b", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1adbde13-976b-56a2-89c2-a02d9ae45993", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7e5f239-0039-5817-92c6-3dd191cf6dfb", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5064d69-582b-5b40-b070-3678ca5d5aa7", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7b8df61d-9bb6-5cb4-b677-fc3c4612ca7a", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53ce9d8f-a63a-5759-856b-bf603e92976b", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f727c20f-98c9-5204-bab4-ecb93fbc1784", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c08c6c7-2fe0-5c6f-8bb2-3cbda79c6ea6", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5cc5dbd9-6be8-509a-82be-bebb7ecd1e36", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9da51830-5d5e-53d8-b480-0b9cedf2cef4", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6aff5305-2c9b-5db4-8f77-989cb08fbdbd", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cba2bc33-f05c-5e1c-95e6-597af46bfa55", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04f60dce-b4db-5598-b68b-c49c25a1fc6f", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8da7d3d2-e5d8-5b44-9f67-586bb9632a72", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:688bf340-7bef-5792-b855-ca77b9b2b0ac", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:236f06c2-e88d-5fa3-a3bf-5568a5878217", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1fccdbe1-9740-5d22-a7dd-a3b2e05516e4", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:485d6ca9-0442-546f-9df8-62d2af86f5c9", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad6f62e3-9fb2-599f-8b22-6dcccdaecf8e", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e4a0b77-dc7e-537a-85c3-bee84ae471b2", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65ff1e86-1c70-5f74-8440-e74932d2f0d5", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09868d3e-2ee6-5d89-9cf4-0f257ca6b915", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbd3d7ef-995b-58b2-9a4e-1c0234f072ab", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:493e1bbf-714d-5204-b933-d173aedf7d3e", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:504bc31e-52d8-5ca1-861a-22831fca5413", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.11-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f55c6dee-0c8d-570e-bd77-ee62b909e2ac", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cedc771a-f4ea-53bd-90a8-232375b09e29", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.4" } ] }