{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3c522517-fc82-5dc0-87ac-556b7c67196d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-http-signature", "version": "3.5.11-tuxcare.5", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:32aed713-2bde-54c2-a622-a3c1c93eded6", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:320bb1bd-1f1b-5222-aa93-ab6e2f4420a2", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61b46aee-6eb3-5b8e-afce-28a066c93205", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:38385399-aa22-5f07-a777-86c3beaa1c35", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7ca8a855-1ab5-5e84-bf5d-56df08f1f09a", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b16e1756-5d6d-5b8c-b96f-c5a4fb562807", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b121499b-d31d-5153-b111-5d3e380948ea", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c88fa814-ccaa-557d-b310-0893d542ad2d", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ea2cd88-ab13-51dd-b9c8-3e0808a33e4f", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:52031569-4537-5799-aa92-d9f3f530a84e", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2981378a-ac02-5fc0-90c2-2c701de85391", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c747d2ac-7b92-57cf-aa5b-1f081e4b29de", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9bf1206d-493c-5f00-baf0-5071af8a7a59", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:72edb54f-c8e9-54f3-a4d4-d5f0f3af3420", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ea4088b2-d7e2-549c-bcca-31ffbaa5f01f", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2b429f87-bc67-5b8d-b2e0-d45c1b8be93d", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0168f3e3-f06f-5ddb-8e2a-af0226cbfb3a", "id": "CVE-2014-0119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0119 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5423ad6d-88a9-528d-a829-86886605cb16", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d0bb6b27-acbd-52da-b2a2-92cb5e3f5a5b", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ec0505e7-00c5-5e31-ad2b-52dabdd665f7", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ccea062-a7bc-5100-90a0-f26aeafe5baf", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ce22339-684f-55ca-b91b-f805098fd75a", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a21e8401-58d8-55b6-9c34-ff8c24b98b05", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e3b73420-744f-5b4d-a1b4-044242218e9e", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61c2ab40-e2fe-5b23-87b5-c0891a640a2f", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7f290e16-dfdb-5690-8742-f7f94e374cc6", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.11-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:14337f39-9376-5321-b932-015dc6025864", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e8a847b7-c5e6-5094-a3ca-526a3dd89600", "id": "CVE-2022-22932", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-22932 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.11-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:793a9b7e-9030-50c5-a99b-fe3e357948ad", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:04d7ec00-3ee4-56be-9ac3-ee1832b53764", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.11-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b502a8a9-73ab-57bb-a8cf-572e37cf6044", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:359561bb-3d25-5b68-b774-8fc97bca391d", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.11-tuxcare.5 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.11-tuxcare.5" } ] }