Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApacheCxf

3 matches found

CVE
CVEadded 2025/01/21 10:15 a.m.301 views

CVE-2025-23184

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

7.5CVSS5.6AI score0.00318EPSS
CVE
CVEadded 2025/07/15 3:15 p.m.58 views

CVE-2025-48795

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory ex...

5.6CVSS6.3AI score0.00077EPSS
CVE
CVEadded 2025/08/08 10:15 a.m.42 views

CVE-2025-48913

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, ...

9.8CVSS6.9AI score0.00097EPSS