{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:39688b91-5e57-5767-a7d2-4741563e3b91", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-rs-security-http-signature", "version": "3.5.9-tuxcare.4", "purl": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7412dd75-2779-5670-8c49-0ae5e542783b", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3f8b10a4-1487-53d4-ad54-b1bd61c70549", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8765eaf0-b992-558f-8ef8-2c17dc928927", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4cdd9ffd-f567-573e-9eb9-04f486ab7382", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50c2dde9-a23d-5bdd-b164-3693a7b3bfb9", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e0c4777a-4dcc-5163-91c2-8082e110d6f9", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8593320-5206-5b6e-911a-c197a894e414", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:88ebe345-2f37-571a-83a2-d7cde425233c", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61a70f0b-930d-57fd-882b-edadeba8522e", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea7ccb6e-8ef9-5953-9f54-48509885796d", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09e2ec9e-db31-5975-991a-6d68bcbbfc7f", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:066a7b6a-f596-54df-ab8a-644aabae999c", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08f06da8-419e-5f04-a978-fc5ce2fefd81", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fdbc2e5d-3328-5a85-b94e-654a9858861b", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ecb9def-4e8c-5348-b48a-d76848710fba", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63a2c08d-3426-5880-9301-d80cf83e4f6c", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:667e76b4-bb3c-54f0-b278-c560a694afc0", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:654a8520-aed9-5926-b7f3-e0fb4932baa6", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8494f041-61a4-504c-a678-672cfae0ed43", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f36a4ca6-fc15-5b50-b3f4-7e514b2d9f90", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:731163fb-e5fa-5d88-ae4a-3c1c9e7828a2", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb8d9c3d-55ad-5b97-8dcb-fc2a55d28ca5", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5ac4dcb-a47a-5b41-a777-ddf0f70581d5", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:decdeec1-d145-55fd-9d3a-fb8414ea4d93", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f437c386-77f0-5395-a0db-72cd3a9831e7", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afce0ae5-87bf-55ac-99f5-27baff522abc", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9a2e5a9-0445-5283-bf34-c8f452a7a1c1", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:362acf48-aeca-5f17-81d3-54a3beadc1e6", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:22a09dd7-f763-520a-8dda-5924179fb9f5", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9bec83e-091d-59f0-b983-b0da7e6da51d", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-rs-security-http-signature 3.5.9-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:705ee8bb-3b49-53e2-b449-92fc89f177d9", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f97ea26-a179-5c93-aadf-26efa2af6e0d", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53162682-98c8-5d07-9465-293ddf392e32", "id": "CVE-2025-48795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48795 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:787b0a89-3d75-5c5d-bdc2-9793b172848c", "id": "CVE-2025-48913", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48913 is fixed in version 3.5.9-tuxcare.4 of org.apache.cxf:cxf-rt-rs-security-http-signature." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-rs-security-http-signature@3.5.9-tuxcare.4" } ] }