30 matches found
CVE-2022-46364
CVE-2022-46364 describes an SSRF in Apache CXF when parsing the href attribute of XOP:Include in MTOM requests, affecting CXF versions before 3.5.5 and 3.4.10. The vulnerability enables SSRF-style attacks on webservices with at least one parameter. Remediation is to upgrade to CXF 3.5.5+ or 3.4.1...
CVE-2024-28752
CVE-2024-28752 is an SSRF vulnerability in Apache CXF’s Aegis DataBinding. Affected CXF versions are those before 4.0.4, 3.6.3, and 3.5.8; the issue enables SSRF-style attacks on web services that take at least one parameter. Other data bindings (including default) are not impacted. Remediation: u...
CVE-2025-23184
CVE-2025-23184 describes a potential denial-of-service in Apache CXF where CachedOutputStream instances may not be closed in edge cases, risking file-system exhaustion if backed by temporary files on servers or clients. Affected CXF versions are before 3.5.10, 3.6.5, and 4.0.6. The NVD/Apache-mod...
CVE-2022-46363
CVE-2022-46363 involves Apache CXF. The vulnerability arises when CXFServlet is configured with both static-resources-list and redirect-query-check attributes, enabling remote directory listing or code exfiltration. Affected CXF versions are pre-3.5.5 and pre-3.4.10. The IBM security bulletin cor...
CVE-2021-30468
CVE-2021-30468 is a denial-of-service issue in Apache CXF caused by an infinite loop in the JsonMapObjectReaderWriter. Connected IBM advisories confirm the vulnerability affects CXF usage in IBM products (e.g., Tivoli Network Manager IP Edition and IBM Security Guardium) and list the affected CXF...
CVE-2021-22696
CVE-2021-22696 affects Apache CXF where improper validation of the request_uri parameter in OAuth 2 flows allows a remote attacker to cause a denial of service on the authorization server. The issue occurs when a JWT-based request uses a request_uri to fetch the token, with insufficient validatio...
CVE-2019-12406
CVE-2019-12406 describes a denial-of-service in Apache CXF where a message can include an excessive number of attachments. The fixed releases (CXF 3.3.4 and 3.2.11) enforce a default attachment limit of 50, configurable via the attachment-max-count property. IBM/materials reference CXF and note a...
CVE-2019-12423
CVE-2019-12423 affects Apache CXF OpenID Connect JWK Keys service. When rs.security.keystore.type is set to “jwk”, the service may return all keys from the JWK file, potentially exposing private/secret key credentials if present, though newer CXF releases restrict to the key with the matching ali...
CVE-2025-48913
CVE-2025-48913 affects Apache CXF where untrusted users configuring JMS could exploit RMI/LDAP URLs to achieve code execution. The issue arises from CXF JMS configuration allowing unsafe protocols; the interface now rejects those protocols to remove the possibility of remote code execution. Publi...
CVE-2018-8039
CVE-2018-8039: Apache CXF could allow a remote attacker to conduct a man-in-the-middle attack due to TLS hostname verification not working when using com.sun.net.ssl. In CXF versions prior to 3.2.5 and 3.1.16 the exception is not properly propagated, leaving clients vulnerable. IBM/Oracle/Red Hat...
CVE-2020-13954
CVE-2020-13954 is an Apache CXF cross-site scripting (XSS) vulnerability exposed via the /services listing page. The issue arises from improper validation of user-supplied input through styleSheetPath, enabling an attacker to inject script when the URL is visited. Public documentation in the init...
CVE-2020-1954
CVE-2020-1954 affects Apache CXF JMX integration; a MITM is possible if the createMBServerConnectorFactory setting on the InstrumentationManagerImpl is not disabled, allowing an on-host attacker to rebind the JMX registry and proxy traffic to access exchanged data. The issue is documented across ...
CVE-2024-29736
CVE-2024-29736: Apache CXF WADL stylesheet SSRF. The issue arises from improper validation of the WADL stylesheet parameter, enabling SSRF against REST services when a custom stylesheet parameter is configured. Affected CXF versions are before 4.0.5, 3.6.4, and 3.5.9. Mitigation: upgrade CXF to 4...
CVE-2012-3451
CVE-2012-3451 affects Apache CXF. Vulnerable versions: CXF 2.4.x before 2.4.9; 2.5.x before 2.5.5; 2.6.x before 2.6.2. An attacker can cause remote web-service operations to be executed by sending a SOAP Action header that is inconsistent with the message body. The impact is “remote execution of ...
CVE-2024-32007
CVE-2024-32007 affects Apache CXF: improper input validation of the p2c parameter in JOSE code can allow a denial-of-service via a token with a large p2c. Affected branches include CXF 4.0.x (before 4.0.5) and older 3.6.x/3.5.x lines (3.6.4, 3.5.9). Mitigation is to upgrade to a fixed release (i....
CVE-2015-5253
CVE-2015-5253 affects Apache CXF SAML Web SSO module: remote authenticated bypass via a crafted SAML response with a valid signed assertion, related to a wrapping attack. Affected versions include CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3. The vulnerability can bypass authenti...
CVE-2026-49875
Apache CXF is affected by an XML External Entity (XXE) issue described as CVE-2026-49875. The vulnerability arises because EndpointReferenceUtils and W3CMultiSchemaFactory construct a SAXParserFactory without proper JAXP hardening, enabling out-of-band (OOB) external entity resolution. Affected c...
CVE-2026-44417
CVE-2026-44417 is an Apache CXF-related issue that completes the fix for CVE-2025-48913. The vulnerability arises when untrusted users can configure JMS in CXF, potentially enabling code execution. The published advisories indicate an incomplete fix previously, and upgrades are recommended to mit...
CVE-2026-50634
CVE-2026-50634 affects Apache CXF's JwsJsonContainerRequestFilter. The vulnerability allows CXF to process metadata that was not authenticated by the accepted signature, bypassing the assumption that Content-Type or protected HTTP-header metadata came from a verified signature. This can influence...
CVE-2026-50633
The CVE-2026-50633 issue is a JNDI Injection vulnerability in Apache CXF’s JCA integration module (DispatchMDBMessageListenerImpl). The vulnerability allows code execution when an attacker can manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Affected software is...
CVE-2026-50628
CVE-2026-50628 concerns Apache CXF’s OAuthRequestFilter, where a logic error creates an inverted IP binding check: legitimate requests from the bound IP are rejected while requests from other IPs are allowed. Red Hat’s advisory attributes this to the OAuthRequestFilter component of CXF and notes ...
CVE-2026-44930
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50645
CVE-2026-50645 affects Apache CXF during message deserialization, where there is no restriction on the number of attachment headers. This can enable uncontrolled resource consumption and a denial-of-service condition. The issue is mitigated by limiting attachments per message to a default maximum...
CVE-2026-50631
CVE-2026-50631: A TOCTOU race condition in Apache CXF's AbstractOAuthDataProvider allows concurrent requests to reuse the same Refresh Token when recycleRefreshTokens is false, bypassing single-use semantics and generating multiple valid Access Tokens. This can enable token replay/abuse by multi...
CVE-2026-50632
CVE-2026-50632: Apache CXF exposes a JNDI Injection vulnerability in the JMSConfigFactory. The issue arises when untrusted users configure JMS, potentially allowing code execution. Affected versions are addressed by upgrades to 4.2.2 or 4.1.7. The NVD/CVEs and related feeds document this as a co...
CVE-2026-44618
Technical details for CVE-2026-44618 are not publicly available in the provided documents. The records mention an XXE vulnerability in Apache CXF WS-Transfer and upgrade versions, but no further specifics are provided. Monitor for updates.
CVE-2026-50627
The CVE-2026-50627 issue affects Apache CXF’s JwtAccessTokenValidator, which fails to validate the aud (Audience) claim in incoming JWT access tokens. As described in multiple sources (NVD/Red Hat/CVE List/etc.), a token issued for one Resource Server could be replayed against a different Resourc...
CVE-2026-50630
The CVE-2026-50630 issue affects Apache CXF’s OAuth2 implementation, where the AuthorizationUtils class concatenates the realm parameter into the WWW-Authenticate header without sanitizing CR/LF characters. This can enable header injection or HTTP response splitting if an attacker controls the re...
CVE-2026-50629
The CVE-2026-50629 issue affects Apache CXF’s OAuth2 server where the 'clientId' from HTTP requests is concatenated into log warning messages without sanitizing control characters. This creates log injection risk by allowing arbitrary content in logs. Root cause: unsanitized control characters in...
CVE-2026-50623
CVE-2026-50623 affects Apache CXF’s OAuth2 TokenIntrospectionService. A missing 'throw' in the security context check permits access to the introspection endpoint (/services/oauth2/introspect) by any unauthenticated network attacker. This bypass is tied to a safeguard condition when authenticatio...