{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:831f4887-82d8-5795-9dab-438e5dc808de", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1", "type": "library", "group": "org.apache.cxf", "name": "cxf-rt-transports-http", "version": "3.5.9.tuxcare.1", "purl": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:de533a12-416e-5011-889e-aac1a8a10c93", "id": "CVE-2005-4838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2005-4838 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8840c0cd-2c25-5acf-9b76-b182b28963e4", "id": "CVE-2006-7196", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2006-7196 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:948d8dd3-30b9-5083-a1ee-849aee576be6", "id": "CVE-2007-1358", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1358 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe28e39c-7220-58b6-ba26-64e0ff33da11", "id": "CVE-2007-2449", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-2449 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f2a878e-68d0-58e1-8f61-bd46049e402f", "id": "CVE-2008-0128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2008-0128 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b340e387-9cbd-5c07-a3d4-f8e28b75331b", "id": "CVE-2009-2696", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2009-2696 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6b34ce4-18d7-565d-b4f4-b4dfe572b063", "id": "CVE-2010-1151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2010-1151 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1df8f71-fe11-53cc-b08c-26ed42f3ad1c", "id": "CVE-2013-2185", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-2185 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bcd0ca21-db42-53d9-b077-cb503aab8ace", "id": "CVE-2013-4286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4286 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75ab6ff2-5111-5fef-b945-d01a8538905f", "id": "CVE-2013-4322", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4322 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05de0042-7e60-5e8e-bbbc-0e418f7db541", "id": "CVE-2013-4444", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4444 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:760d331f-47b5-5f08-9685-a9deb1432281", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf7cdc00-0ac0-590c-92b1-fb26a161c063", "id": "CVE-2013-6357", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6357 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26260fd8-71e6-5089-aee7-0c677b2850b2", "id": "CVE-2014-0075", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0075 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5e99929-625f-54d1-b64f-982d674c7696", "id": "CVE-2014-0096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0096 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a90071d8-676c-5403-bcfd-92e4ca32b10e", "id": "CVE-2014-0099", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0099 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c18e37c-014d-5ab0-b4da-525e3eb5bea1", "id": "CVE-2014-0119", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2014-0119 is a false positive for org.apache.cxf:cxf-rt-transports-http 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b59d376-3889-5794-8f1c-1fdf1a356de3", "id": "CVE-2014-0219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0219 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c34c6844-b03a-5a79-bfa6-0db7aa6eb386", "id": "CVE-2016-8735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8735 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50c37ad8-d55f-5140-b623-d9a9a7ef5306", "id": "CVE-2016-8750", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8750 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2259c336-2357-5137-9eb3-a90be7110736", "id": "CVE-2018-11786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11786 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fbb4afa-cff0-58b4-afae-529a386afdd0", "id": "CVE-2018-11788", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11788 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9f6af0f-6403-59b9-a21f-60f4d4e2e073", "id": "CVE-2019-0191", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0191 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6573d7f-5b8b-565a-9a8a-11e3c26918bc", "id": "CVE-2019-0226", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-0226 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e57d6716-d847-5e52-9186-fbd6e2b74235", "id": "CVE-2020-11980", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11980 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2ad950a-471d-55b4-ad17-03994e84594d", "id": "CVE-2020-8022", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2020-8022 is a false positive for org.apache.cxf:cxf-rt-transports-http 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5dec9387-cc68-5b33-9e4f-9af302c28f13", "id": "CVE-2021-41766", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-41766 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:750daf43-387f-5928-b059-c8a7ff746e6c", "id": "CVE-2022-22932", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22932 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dffecd51-ab6b-52c0-a5d5-01ec4bc7b8eb", "id": "CVE-2022-40145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-40145 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9005d00-1581-5417-a176-af2d7f3c521a", "id": "CVE-2025-15104", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-15104 is a false positive for org.apache.cxf:cxf-rt-transports-http 3.5.9.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:977773ba-48e0-5e1e-8eaf-aabbb0d6db5a", "id": "CVE-2025-23184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-23184 is fixed in version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ee98ff9-c3df-52c2-a437-ab011800afe6", "id": "CVE-2025-24813", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24813 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf68f67e-af5d-5d50-86ad-4fc0813f125c", "id": "CVE-2025-48795", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48795 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5f04902-11f5-5e7f-8df0-9be4198c43f3", "id": "CVE-2025-48913", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48913 affects version 3.5.9.tuxcare.1 of org.apache.cxf:cxf-rt-transports-http." }, "affects": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.cxf/cxf-rt-transports-http@3.5.9.tuxcare.1" } ] }