5 matches found

GitHub Security Blog
added 2022/05/13 1:9 a.m. | 29 views

Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser, which expands XML entities by default, which represents a major XXE risk...

CVSS 7.8 | AI score 4.9 | EPSS 0.02672
Exploits 0 | References 12 | Affected Software 1
Prion
added 2017/08/10 6:29 p.m. | 20 views

Design/Logic Flaw

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser, which expands XML entities by default, which represents a major XXE risk...

CVSS 7.8 | AI score 6.8 | EPSS 0.02672
Exploits 0 | References 10 | Affected Software 1
RedHat Linux
added 2017/04/03 9:2 p.m. | 86 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 9.8 | AI score 7.6 | EPSS 0.92326
Exploits 20 | References 12
Veracode
added 2016/12/23 4:4 a.m. | 31 views

XML External Entity (XXE)

Apache CXF JAX-RS is vulnerable to XML external entity (XXE) attacks. The Atom MessageBodyReaders use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. This represents a major XXE risk...

CVSS 7.8 | AI score 7.5 | EPSS 0.02672
Exploits 0 | References 12 | Affected Software 1
RedhatCVE
added 2016/12/21 2:47 p.m. | 38 views

CVE-2016-8739

Apache CXF JAX-RS implementation provides a number of Atom MessageBodyReaders. These readers use Apache Abdera Parser to parse Atom feeds or Entries, with this Parser expanding XML entities by default. It was found that this represents a major XXE risk...

CVSS 7.8 | AI score 4.6 | EPSS 0.02672
Exploits 0 | References 2