7 matches found
Security Bulletin: Vulnerabilities found in cxf-rt-transports-http-3.0.3.jar which is shipped with IBM® Intelligent Operations Center (CVE-2016-6812, CVE-2018-8039, CVE-2020-13954)
Summary: Multiple vulnerabilities have been identified in cxf-rt-transports-http-3.0.3.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center has been published and addressed the applicable CVEs...
com.argusoft:medplat_core (>=0.0.1 <=0.0.8), com.argusoft:medplat_lms (=0.0.1) +294 more potentially affected by CVE-2016-6812 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.0.11)
org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =0.0.1, =3.0.1, =0.0.1, =0.6, =0.1.0, =0.1.0, =1.4, =1.6, =2.0.0, =2.0.9, =2.3.16, =1.0.0, =1.0.0, =1.0.0, =2.0.4 and more Source cves: CVE-2016-6812 Source advisory: OSV:GHSA-VW2C-5WPH-V92R...
Security Bulletin: Security vulnerabilities have been identified in the Apache CXF component of IBM Tivoli Network Manager IP Edition (CVE-2016-6812, CVE-2016-8739)
Summary: Security vulnerabilities have been addressed in the Apache CXF component of IBM Tivoli Network Manager IP Edition. Vulnerability Details: CVEID: CVE-2016-6812 DESCRIPTION: Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
CVE-2016-6812
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. Th...
CVE-2016-6812
CVE-2016-6812 affects the HTTP transport module of Apache CXF. The issue arises when the service list page is generated using the calculated base URL; if the request URL contains unexpected matrix parameters, they may be echoed back in the service endpoint URLs, causing a reflected cross‑site scr...
Fedora 25 : 1:cxf (2016-2361e1e07a)
fixes CVE-2016-6812 CVE-2016-8739 rhbz1406810,1406811,1406813. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...