4 matches found
Security Bulletin: Security vulnerabilities have been identified in the Apache CXF component of IBM Tivoli Network Manager IP Edition (CVE-2016-6812, CVE-2016-8739)
Summary: Security vulnerabilities have been addressed in the Apache CXF component of IBM Tivoli Network Manager IP Edition. Vulnerability Details: CVEID: CVE-2016-6812. DESCRIPTION: Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
CVE-2016-8739
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser, which expands XML entities by default, which represents a major XXE risk...
CVE-2016-8739
CVE-2016-8739 affects the CXF JAX-RS Abdera-based Atom readers, which expand XML entities by default, creating an XML External Entity (XXE) risk. Affected: Apache CXF JAX-RS before 3.0.12 and 3.1.x before 3.1.9. Impact per sources: potential read of arbitrary files via crafted XML. Remedia...
Fedora 25 : 1:cxf (2016-2361e1e07a)
fixes CVE-2016-6812 CVE-2016-8739 rhbz1406810,1406811,1406813 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...