Cxf@2.5.2 Security Vulnerabilities and Issues — Cxf@2.5.2 CVE List

Lucene search

ApacheCxf2.5.2

3 matches found

CVE•added 2013/01/05 12:55 a.m.•89 views

CVE-2012-2378

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) Encryp...

4.3CVSS9.2AI score0.04238EPSS

CVE•added 2014/05/08 2:29 p.m.•65 views

CVE-2014-0109

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.

4.3CVSS8.6AI score0.06069EPSS

CVE•added 2014/05/08 2:29 p.m.•58 views

CVE-2014-0110

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.

4.3CVSS8.6AI score0.06069EPSS