CVE-2026-42404
- EPSS 0.04%
- Published 01.05.2026 09:46:49
- Last modified 01.05.2026 18:06:24
Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made f...
CVE-2026-42402
- EPSS 0.04%
- Published 01.05.2026 08:54:41
- Last modified 01.05.2026 18:08:59
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, cau...
CVE-2026-42403
- EPSS 0.03%
- Published 01.05.2026 08:38:16
- Last modified 01.05.2026 18:08:21
Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter...