Apache

Cxf

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 5.85%
  • Veröffentlicht 15.03.2024 11:15:09
  • Zuletzt bearbeitet 27.06.2025 15:06:40

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (inclu...

  • EPSS 1.93%
  • Veröffentlicht 13.12.2022 17:15:17
  • Zuletzt bearbeitet 22.04.2025 03:15:20

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 

  • EPSS 1.19%
  • Veröffentlicht 13.12.2022 15:15:11
  • Zuletzt bearbeitet 22.04.2025 03:15:20

A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and red...

  • EPSS 10.45%
  • Veröffentlicht 19.09.2021 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:24:34

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacke...

  • EPSS 7.02%
  • Veröffentlicht 16.06.2021 12:15:12
  • Zuletzt bearbeitet 21.11.2024 06:03:58

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF vers...

  • EPSS 6.59%
  • Veröffentlicht 02.04.2021 10:15:12
  • Zuletzt bearbeitet 21.11.2024 05:50:28

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" par...

  • EPSS 42.99%
  • Veröffentlicht 12.11.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:13

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to ...

  • EPSS 6.15%
  • Veröffentlicht 01.04.2020 21:15:14
  • Zuletzt bearbeitet 21.11.2024 05:11:43

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to...

  • EPSS 1.76%
  • Veröffentlicht 11.03.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 01:28:23

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

  • EPSS 7.06%
  • Veröffentlicht 16.01.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:33

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into ...