Cxf@3.1.5 Security Vulnerabilities and Issues — Cxf@3.1.5 CVE List

Lucene search

ApacheCxf3.1.5

3 matches found

CVE•added 2017/08/10 6:29 p.m.•79 views

CVE-2016-8739

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.

7.8CVSS7.3AI score0.02672EPSS

CVE•added 2017/08/10 6:29 p.m.•74 views

CVE-2017-3156

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

7.5CVSS7.3AI score0.1307EPSS

CVE•added 2017/08/10 4:29 p.m.•71 views

CVE-2016-6812

The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The ...

6.1CVSS6.4AI score0.0656EPSS