CVE-2021-40690
The CVE-2021-40690 issue affects Apache Santuario – XML Security for Java. All versions prior to 2.2.3 and 2.1.7 are vulnerable due to the "secureValidation" property not being passed when creating a KeyInfo from a KeyInfoReference element, enabling an XPath Transform abuse to extract local .xml ...
CVE-2022-46364
CVE-2022-46364 describes an SSRF in Apache CXF when parsing the href attribute of XOP:Include in MTOM requests, affecting CXF versions before 3.5.5 and 3.4.10. The vulnerability enables SSRF-style attacks on webservices with at least one parameter. Remediation is to upgrade to CXF 3.5.5+ or 3.4.1...
CVE-2024-28752
CVE-2024-28752 is an SSRF vulnerability in Apache CXF’s Aegis DataBinding. Affected CXF versions are those before 4.0.4, 3.6.3, and 3.5.8; the issue enables SSRF-style attacks on web services that take at least one parameter. Other data bindings (including default) are not impacted. Remediation: u...
CVE-2025-23184
CVE-2025-23184 describes a potential denial-of-service in Apache CXF where CachedOutputStream instances may not be closed in edge cases, risking file-system exhaustion if backed by temporary files on servers or clients. Affected CXF versions are before 3.5.10, 3.6.5, and 4.0.6. The NVD/Apache-mod...
CVE-2022-46363
CVE-2022-46363 involves Apache CXF. The vulnerability arises when CXFServlet is configured with both static-resources-list and redirect-query-check attributes, enabling remote directory listing or code exfiltration. Affected CXF versions are pre-3.5.5 and pre-3.4.10. The IBM security bulletin cor...
CVE-2021-30468
CVE-2021-30468 is a denial-of-service issue in Apache CXF caused by an infinite loop in the JsonMapObjectReaderWriter. Connected IBM advisories confirm the vulnerability affects CXF usage in IBM products (e.g., Tivoli Network Manager IP Edition and IBM Security Guardium) and list the affected CXF...
CVE-2021-22696
CVE-2021-22696 affects Apache CXF where improper validation of the request_uri parameter in OAuth 2 flows allows a remote attacker to cause a denial of service on the authorization server. The issue occurs when a JWT-based request uses a request_uri to fetch the token, with insufficient validatio...
CVE-2019-12419
CVE-2019-12419 affects Apache CXF OpenId Connect token service prior to CXF 3.3.4 and 3.2.11, where the authenticated principal is not validated against the supplied clientId in the request. This could allow an attacker who obtained an authorization code for one client to exchange it for an acces...
CVE-2019-17573
CVE-2019-17573 is an XSS vulnerability in Apache CXF affecting WebSphere Application Server Liberty’s WebSphere JAX-WS components via the CXF /services listing page. Public docs confirm the issue and cite the vulnerable surface as CXF’s endpoint listing, with exploitation potentially executing sc...
CVE-2019-12406
CVE-2019-12406 describes a denial-of-service in Apache CXF where a message can include an excessive number of attachments. The fixed releases (CXF 3.3.4 and 3.2.11) enforce a default attachment limit of 50, configurable via the attachment-max-count property. IBM materials reference CXF and note a...
CVE-2019-12423
CVE-2019-12423 affects Apache CXF OpenId Connect JWK Keys service. When rs.security.keystore.type is set to “jwk”, the service may return all keys from the JWK file, potentially exposing private/secret key credentials if present, though newer CXF releases restrict to the key with the matching ali...
CVE-2018-8039
CVE-2018-8039: Apache CXF could allow a remote attacker to conduct a man‑in‑the‑middle attack due to TLS hostname verification not working when using com.sun.net.ssl. In CXF versions prior to 3.2.5 and 3.1.16 the exception is not properly propagated, leaving clients vulnerable. IBM/Oracle/Red Hat...
CVE-2020-13954
CVE-2020-13954 is an Apache CXF cross-site scripting (XSS) vulnerability exposed via the /services listing page. The issue arises from improper validation of user-supplied input through styleSheetPath, enabling an attacker to inject script when the URL is visited. Public documentation in the init...
CVE-2020-1954
CVE-2020-1954 affects Apache CXF JMX integration; a MITM is possible if the createMBServerConnectorFactory setting on the InstrumentationManagerImpl is not disabled, allowing an on-host attacker to rebind the JMX registry and proxy traffic to access exchanged data. The issue is documented across ...
CVE-2024-29736
CVE-2024-29736: Apache CXF WADL stylesheet SSRF. The issue arises from improper validation of the WADL stylesheet parameter, enabling SSRF against REST services when a custom stylesheet parameter is configured. Affected CXF versions are before 4.0.5, 3.6.4, and 3.5.9. Mitigation: upgrade CXF to 4...
CVE-2025-48913
CVE-2025-48913 affects Apache CXF where untrusted users configuring JMS could exploit RMI/LDAP URLs to achieve code execution. The issue arises from CXF JMS configuration allowing unsafe protocols; the interface now rejects those protocols to remove the possibility of remote code execution. Publi...
CVE-2017-12624
CVE-2017-12624 affects Apache CXF JAX-WS/JAX-RS attachments. A crafted message attachment header can cause Denial of Service on CXF web services. From CXF 3.2.1 and 3.1.14, headers longer than 300 characters are rejected by default; this threshold is configurable via attachment-max-header-size.
CVE-2012-2379
CVE-2012-2379 is tied to Apache CXF in the 2.4.x/2.5.x/2.6.x lines where a Supporting Token with a child WS-SecurityPolicy 1.1/1.2 policy may fail to ensure an XML element is signed or encrypted. The F5 advisory repository lists this CVE among multiple CXF/JBoss issues, reiterating the same under...
CVE-2011-2487
CVE-2011-2487 is referenced by GitHub advisory GHSA-vjwc-5HFH-2VV5, which notes that Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 leak information about decryption failures when decrypting an encrypted key or message data, making it easier to recover plaintext keys via crafted messages. The ...
CVE-2024-41172
CVE-2024-41172 affects Apache CXF: CXF's HTTP transports (HTTP client conduit) in CXF prior to 3.6.4 and 4.0.5 may fail to garbage collect HTTPClient instances, allowing memory usage to grow and potentially cause out-of-memory DoS. The placeholder indicates 3.5.x is not impacted. Public documents...
CVE-2025-48795
Apache CXF contains a memory-pressure vulnerability where large stream-based messages stored as temporary files are fully read into memory and logged, enabling potential DoS via out-of-memory when logs are written unencrypted. Fixes are available in CXF versions 3.5.11, 3.6.6, 4.0.7, and 4.1.1, w...
CVE-2012-5575
CVE-2012-5575 affects Apache CXF: versions 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 do not verify that the chosen cryptographic algorithm is allowed by WS-SecurityPolicy AlgorithmSuite before decrypting, enabling an attacker to coerce the use of weaker algorithms an...
CVE-2014-0034
CVE-2014-0034 affects Apache CXF: the SecurityTokenService (STS) does not properly validate SAML tokens when caching is enabled, enabling a remote attacker to gain access with an invalid SAML token. Affected: CXF before 2.6.12 and 2.7.x before 2.7.9. Root cause: inadequate validation of SAML toke...
CVE-2012-3451
CVE-2012-3451 affects Apache CXF. Vulnerable versions: CXF 2.4.x before 2.4.9; 2.5.x before 2.5.5; 2.6.x before 2.6.2. An attacker can cause remote web-service operations to be executed by sending a SOAP Action header that is inconsistent with the message body. The impact is “remote execution of ...
CVE-2012-2378
CVE-2012-2378 affects Apache CXF: versions 2.4.5–2.4.7, 2.5.1–2.5.3, and 2.6.x before 2.6.1. The issue is a flaw in enforcing WS-SecurityPolicy 1.1 SupportingToken child policies on the client side, allowing remote attackers to bypass the policies for AlgorithmSuite, SignedParts, SignedElements, ...
CVE-2017-5653
CVE-2017-5653 affects Apache CXF JAX-RS XML Security streaming clients. The root cause is that these clients do not validate that the service response was signed or encrypted, enabling remote attackers to spoof servers. Affected: CXF versions prior to 3.1.11 and 3.0.13. Impact (per public records...
CVE-2024-32007
CVE-2024-32007 affects Apache CXF: improper input validation of the p2c parameter in JOSE code can allow a denial-of-service via a token with a large p2c. Affected branches include CXF 4.0.x (before 4.0.5) and older 3.6.x/3.5.x lines (3.6.4, 3.5.9). Mitigation is to upgrade to a fixed release (i....
CVE-2016-8739
CVE-2016-8739 affects the CXF JAX-RS Abdera-based Atom readers, which expand XML entities by default, enabling an XML External Entity (XXE) risk. Affected: Apache CXF JAX-RS before 3.0.12 and 3.1.x before 3.1.9. Impact per sources: potential read of arbitrary files via crafted XML. Remedia...
CVE-2012-5633
The CVE-2012-5633 issue affects Apache CXF’s URIMappingInterceptor when paired with WSS4JInInterceptor. Versions affected are CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2. The vulnerability bypasses WS-Security processing, enabling remote attackers to bypass security and access SO...
CVE-2017-5656
CVE-2017-5656: Apache CXF’s STSClient (before 3.1.11 and 3.0.13) caches delegation-related tokens in a flawed way, enabling an attacker to craft a token that resolves to a cached token identifier belonging to another user. This can bypass security restrictions. The provided documents confirm the...
CVE-2017-3156
The CVE-2017-3156 issue concerns the OAuth2 Hawk and JOSE MAC validation in Apache CXF. The connected advisories identify a root cause: the MAC signature comparison is not performed in constant time, creating exposure to timing attacks. Affected CXF versions are before 3.0.13 and before 3.1.10 in...
CVE-2015-5253
CVE-2015-5253 affects Apache CXF SAML Web SSO module: remote authenticated bypass via a crafted SAML response with a valid signed assertion, related to a wrapping attack. Affected versions include CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3. The vulnerability can bypass authenti...
CVE-2013-2160
CVE-2013-2160 affects Apache CXF’s streaming XML parser. Versions affected: CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4. A crafted XML payload with a very large number of elements/attributes/nested constructs can cause denial of service through CPU and memory exhaustion. T...
CVE-2010-2076
CVE-2010-2076 affects Apache CXF: versions 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9 used in various projects (ServiceMix, Camel, jUDDI, Geronimo, etc.). The issue is failure to reject DTDs in SOAP messages, enabling an attacker to read arbitrary files, make HTTP requests t...
CVE-2016-6812
CVE-2016-6812 affects the HTTP transport module of Apache CXF. The issue arises when the service list page is generated using the calculated base URL; if the request URL contains unexpected matrix parameters, they may be echoed back in the service endpoint URLs, causing a reflected cross‑site scr...
CVE-2014-3623
CVE-2014-3623 affects Apache WSS4J (used in Apache CXF) where, when configured with TransportBinding, it fails to properly enforce SAML SubjectConfirmation security semantics, enabling possible remote spoofing of web service endpoints. Affected versions: WSS4J before 1.6.17 and 2.x before 2.0.2 (...
CVE-2013-0239
CVE-2013-0239 affects Apache CXF: versions before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3. When plaintext UsernameToken WS-SecurityPolicy is enabled, a security header containing a UsernameToken element with no password can bypass authentication. This is an authentication bypass vulnera...
CVE-2014-0109
CVE-2014-0109 (Apache CXF) affects CXF before 2.6.14 and 2.7.x before 2.7.11. The vulnerability allows a remote attacker to trigger a denial of service (memory exhaustion) by sending a large request with Content-Type: text/html to a SOAP endpoint, which triggers an error. The provided connected s...
CVE-2014-3584
The vulnerability CVE-2014-3584 affects Apache CXF’s SamlHeaderInHandler. In CXF versions before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1, a crafted SAML token in the authorization header to a JAX-RS service can trigger an infinite loop, causing a denial of service. Remediation is to up...
CVE-2012-0803
Apache CXF CVE-2012-0803 affects CXF 2.4.5 and 2.5.1 where WS-SP UsernameToken policy validation against the security header UsernameToken is broken, allowing a malicious client to bypass authentication by sending an empty UsernameToken in a SOAP request. The issue arises from CXF not validating ...
CVE-2014-0035
The CVE-2014-0035 issue affects Apache CXF, specifically SymmetricBinding when EncryptBeforeSigning is enabled and UsernameToken policy is EncryptedSupportingToken. The vulnerability causes the UsernameToken to be transmitted in cleartext, enabling an attacker to sniff sensitive information over ...
CVE-2014-0110
The CVE-2014-0110 entry concerns Apache CXF (affected versions: before 2.6.14 and 2.7.x before 2.7.11) where processing a large invalid SOAP message can cause a denial of service by exhausting temporary disk space. The issue is documented across multiple sources (including GHSA and OSV entries) a...
CVE-2012-5786
Apache CXF’s wsdl_first_https sample in versions before 2.7.0 fails to verify server hostname against the certificate’s CN/subjectAltName, enabling MITM spoofing with an arbitrary valid certificate. This is tied to the sample’s DN check bypass flag. Publicly documented impact is limited to the sa...
CVE-2026-44930
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-44417
CVE-2026-44417 is an Apache CXF-related issue that completes the fix for CVE-2025-48913. The vulnerability arises when untrusted users can configure JMS in CXF, potentially enabling code execution. The published advisories indicate an incomplete fix previously, and upgrades are recommended to mit...
CVE-2026-44618
Technical details for CVE-2026-44618 are not publicly available in the provided documents. The records mention an XXE vulnerability in Apache CXF WS-Transfer and upgrade versions, but no further specifics are provided. Monitor for updates.
CVE-2026-50633
The CVE-2026-50633 issue is a JNDI Injection vulnerability in Apache CXF’s JCA integration module (DispatchMDBMessageListenerImpl). The vulnerability allows code execution when an attacker can manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Affected software is...
CVE-2026-50631
CVE-2026-50631: A TOCTOU race condition in Apache CXF's AbstractOAuthDataProvider allows concurrent requests to reuse the same Refresh Token when recycleRefreshTokens is false, bypassing single-use semantics and generating multiple valid Access Tokens. This can enable token replay/abuse by multi...
CVE-2026-50634
CVE-2026-50634 affects Apache CXF's JwsJsonContainerRequestFilter. The vulnerability allows CXF to process metadata that was not authenticated by the accepted signature, bypassing the assumption that Content-Type or protected HTTP-header metadata came from a verified signature. This can influence...
CVE-2026-50645
CVE-2026-50645 affects Apache CXF during message deserialization, where there is no restriction on the number of attachment headers. This can enable uncontrolled resource consumption and a denial-of-service condition. The issue is mitigated by limiting attachments per message to a default maximum...