Cxf@* Security Vulnerabilities and Issues — Cxf@* CVE List

Lucene search

ApacheCxf*

16 matches found

CVE•added 2022/12/13 5:15 p.m.•375 views

CVE-2022-46364

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

9.8CVSS9.4AI score0.00102EPSS

CVE•added 2024/03/15 11:15 a.m.•343 views

CVE-2024-28752

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

9.3CVSS8.2AI score0.00362EPSS

CVE•added 2025/01/21 10:15 a.m.•315 views

CVE-2025-23184

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

7.5CVSS5.6AI score0.00318EPSS

CVE•added 2022/12/13 3:15 p.m.•306 views

CVE-2022-46363

A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes ar...

7.5CVSS8.4AI score0.00074EPSS

CVE•added 2021/06/16 12:15 p.m.•228 views

CVE-2021-30468

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to...

7.5CVSS7.4AI score0.00399EPSS

CVE•added 2021/04/02 10:15 a.m.•227 views

CVE-2021-22696

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI f...

7.5CVSS7.4AI score0.00487EPSS

CVE•added 2019/11/06 9:15 p.m.•201 views

CVE-2019-12406

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3...

6.5CVSS6.3AI score0.0207EPSS

CVE•added 2020/01/16 6:15 p.m.•165 views

CVE-2019-12423

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the p...

7.5CVSS7.2AI score0.01318EPSS

CVE•added 2018/07/02 1:29 p.m.•161 views

CVE-2018-8039

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun...

8.1CVSS6.4AI score0.0191EPSS

CVE•added 2020/11/12 1:15 p.m.•146 views

CVE-2020-13954

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnera...

6.1CVSS6.4AI score0.15538EPSS

CVE•added 2020/04/01 9:15 p.m.•137 views

CVE-2020-1954

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An atta...

5.3CVSS5.3AI score0.001EPSS

CVE•added 2024/07/19 9:15 a.m.•123 views

CVE-2024-29736

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.

9.1CVSS6.5AI score0.00197EPSS

CVE•added 2012/09/24 5:55 p.m.•90 views

CVE-2012-3451

Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

4.3CVSS9.2AI score0.09969EPSS

CVE•added 2024/07/19 9:15 a.m.•88 views

CVE-2024-32007

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.

7.5CVSS6.7AI score0.00172EPSS

CVE•added 2015/11/18 4:59 p.m.•78 views

CVE-2015-5253

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

4CVSS8AI score0.00336EPSS

CVE•added 2025/08/08 10:15 a.m.•57 views

CVE-2025-48913

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, ...

9.8CVSS6.9AI score0.00108EPSS