{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-24T00:00:00", "descriptions": [{"lang": "en", "value": "The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-16T11:07:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20141024 New security advisories released for Apache CXF", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q4/437"}, {"name": "61909", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61909"}, {"name": "70738", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70738"}, {"name": "apache-cxf-cve20143584-dos(97753)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97753"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3584", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20141024 New security advisories released for Apache CXF", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q4/437"}, {"name": "61909", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61909"}, {"name": "70738", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70738"}, {"name": "apache-cxf-cve20143584-dos(97753)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97753"}, {"name": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc", "refsource": "CONFIRM", "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:17.625Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20141024 New security advisories released for Apache CXF", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q4/437"}, {"name": "61909", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61909"}, {"name": "70738", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70738"}, {"name": "apache-cxf-cve20143584-dos(97753)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97753"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3584", "datePublished": "2014-10-30T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.625Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C1F2928-4E24-4090-9505-083625C2FC4F", "versionEndIncluding": "2.6.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F069B04-FDA0-41C3-BCAC-C74A310078B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C629A8A7-BFB3-453B-9BCA-3873512410FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "346AF04F-E0C5-45EE-A421-2E1A4E2B57FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "29777E8F-4DB3-4E9E-9FF4-D13749A7C0AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA20A9DA-2BEB-4699-A8D4-A90EA036693F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "789F6EB3-43A8-4CFA-9A79-31AEDCF22344", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3D97E063-EBB9-4676-8C51-0FF4455F3077", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "2BF1E39F-B945-46B4-BEF0-A26CF04C39E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C508FB9-835A-4240-9F61-21C1D73C00B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "773D1A4F-9787-492A-97A0-FB94E276A6AE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service."}, {"lang": "es", "value": "SamlHeaderInHandler en Apache CXF anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 3.0.x anterior a 3.0.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de un token SAML manipulado en la cabecera de autorizaci\u00f3n de una solicitud hacia un servicio JAX-RS."}], "id": "CVE-2014-3584", "lastModified": "2023-11-07T02:20:14.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-30T14:55:07.660", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2014/q4/437"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61909"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/70738"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97753"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:0400", "cpe": "cpe:/a:redhat:jboss_fuse:6.1.0", "product_name": "Red Hat JBoss Fuse 6.1", "release_date": "2014-04-14T00:00:00Z"}], "bugzilla": {"description": "CXF: Denial of Service (DoS) via invalid JAX-RS SAML tokens", "id": "1157330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157330"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-130->CWE-835", "details": ["The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service."], "name": "CVE-2014-3584", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "cxf", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:6", "fix_state": "Not affected", "package_name": "Web Services", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Not affected", "package_name": "Web Services", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Not affected", "package_name": "Web Services", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Not affected", "package_name": "Web Services", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Not affected", "package_name": "cxf", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "Web Services", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "fuse-esb-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "others", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "Web Services", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Not affected", "package_name": "Web Services", "product_name": "Red Hat JBoss SOA Platform 5"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "activemq", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "cxf", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Affected", "package_name": "openshift-origin-cartridge-amq", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Affected", "package_name": "openshift-origin-cartridge-fuse", "product_name": "Red Hat OpenShift Enterprise 2"}], "public_date": "2014-10-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3584\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3584"], "statement": "This issue did not affect Apache CXF as shipped with Red Hat JBoss Enterprise Application Platform 5 and 6; Red Hat JBoss Enterprise Web Platform 5; Red Hat JBoss SOA Platform 5; Red Hat JBoss Fuse Service Works 6; Red Hat JBoss BRMS 5 and 6; Red Hat JBoss BPM Suite 6; Red Hat JBoss Data Virtualization 6; Red Hat JBoss Operations Network 3 and Red Hat JBoss Portal Platform 6 as the REST Web Services endpoints are not available.\nFuse ESB Enterprise 7 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/", "threat_severity": "Moderate", "upstream_fix": "cxf 2.6.11, cxf 2.7.8, cxf 3.0.0-milestone1"}